TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-4a08-7387-ba2f-4b242afc3dc8

complete
Chain ID
1
Address
0x0aa95de40c2839d760b949b27cadb0586dff0400
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
6709 artifact.fetch complete 1 / 3 4 months ago
6710 tool.cast_disasm complete 1 / 3 4 months ago
49580 analysis.bundle complete 1 / 3 2 weeks ago
49581 capability.graph complete 1 / 3 2 weeks ago
49582 detector.run complete 1 / 3 2 weeks ago
49583 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
1
Total opcodes
180
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0048
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: DUP1
0000002f: PUSH4 0x41c0e1b5
00000034: EQ
00000035: PUSH2 0x00ab
00000038: JUMPI
00000039: DUP1
0000003a: PUSH4 0xe5225381
0000003f: EQ
00000040: PUSH2 0x00b8
00000043: JUMPI
00000044: PUSH2 0x0048
00000047: JUMP
00000048: JUMPDEST
00000049: PUSH2 0x00a9
0000004c: JUMPDEST
0000004d: PUSH1 0x00
0000004f: CALLVALUE
00000050: GT
00000051: ISZERO
00000052: PUSH2 0x00a6
00000055: JUMPI
00000056: PUSH1 0x58
00000058: CALLER
00000059: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000006e: AND
0000006f: PUSH32 0x90890809c654f11d6e72a28fa60149770a0d11ec6c92319d6ceb2bb0a4ea1a15
00000090: CALLVALUE
00000091: PUSH1 0x40
00000093: MLOAD
00000094: DUP1
00000095: DUP3
00000096: DUP2
00000097: MSTORE
00000098: PUSH1 0x20
0000009a: ADD
0000009b: SWAP2
0000009c: POP
0000009d: POP
0000009e: PUSH1 0x40
000000a0: MLOAD
000000a1: DUP1
000000a2: SWAP2
000000a3: SUB
000000a4: SWAP1
000000a5: LOG3
000000a6: JUMPDEST
000000a7: JUMPDEST
000000a8: JUMP
000000a9: JUMPDEST
000000aa: STOP
000000ab: JUMPDEST
000000ac: PUSH2 0x00b6
000000af: PUSH1 0x04
000000b1: POP
000000b2: PUSH2 0x018b
000000b5: JUMP
000000b6: JUMPDEST
000000b7: STOP
000000b8: JUMPDEST
000000b9: PUSH2 0x00c3
000000bc: PUSH1 0x04
000000be: POP
000000bf: PUSH2 0x00c5
000000c2: JUMP
000000c3: JUMPDEST
000000c4: STOP
000000c5: JUMPDEST
000000c6: PUSH1 0x00
000000c8: PUSH1 0x00
000000ca: SWAP1
000000cb: SLOAD
000000cc: SWAP1
000000cd: PUSH2 0x0100
000000d0: EXP
000000d1: SWAP1
000000d2: DIV
000000d3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000e8: AND
000000e9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000fe: AND
000000ff: CALLER
00000100: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000115: AND
00000116: EQ
00000117: ISZERO
00000118: PUSH2 0x0188
0000011b: JUMPI
0000011c: PUSH1 0x00
0000011e: PUSH1 0x00
00000120: SWAP1
00000121: SLOAD
00000122: SWAP1
00000123: PUSH2 0x0100
00000126: EXP
00000127: SWAP1
00000128: DIV
00000129: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000013e: AND
0000013f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000154: AND
00000155: PUSH1 0x00
00000157: ADDRESS
00000158: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000016d: AND
0000016e: BALANCE
0000016f: PUSH1 0x40
00000171: MLOAD
00000172: DUP1
00000173: SWAP1
00000174: POP
00000175: PUSH1 0x00
00000177: PUSH1 0x40
00000179: MLOAD
0000017a: DUP1
0000017b: DUP4
0000017c: SUB
0000017d: DUP2
0000017e: DUP6
0000017f: DUP9
00000180: DUP9
00000181: CALL
00000182: SWAP4
00000183: POP
00000184: POP
00000185: POP
00000186: POP
00000187: POP
00000188: JUMPDEST
00000189: JUMPDEST
0000018a: JUMP
0000018b: JUMPDEST
0000018c: PUSH1 0x00
0000018e: PUSH1 0x00
00000190: SWAP1
00000191: SLOAD
00000192: SWAP1
00000193: PUSH2 0x0100
00000196: EXP
00000197: SWAP1
00000198: DIV
00000199: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001ae: AND
000001af: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001c4: AND
000001c5: CALLER
000001c6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001db: AND
000001dc: EQ
000001dd: ISZERO
000001de: PUSH2 0x021c
000001e1: JUMPI
000001e2: PUSH1 0x00
000001e4: PUSH1 0x00
000001e6: SWAP1
000001e7: SLOAD
000001e8: SWAP1
000001e9: PUSH2 0x0100
000001ec: EXP
000001ed: SWAP1
000001ee: DIV
000001ef: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000204: AND
00000205: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000021a: AND
0000021b: SELFDESTRUCT
0000021c: JUMPDEST
0000021d: JUMPDEST
0000021e: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x5771ad578c79a6806476e92fd68a115efddcc4f2271f7cd400dc22a22e781d73
call_targets: 0x0aa95de40c2839d760b949b27cadb0586dff0400
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x5771ad578c79a6806476e92fd68a115efddcc4f2271f7cd400dc22a22e781d73",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0aa95de40c2839d760b949b27cadb0586dff0400"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 385,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 255,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 453,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x5771ad578c79a6806476e92fd68a115efddcc4f2271f7cd400dc22a22e781d73
call_targets: 0x0aa95de40c2839d760b949b27cadb0586dff0400
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x5771ad578c79a6806476e92fd68a115efddcc4f2271f7cd400dc22a22e781d73",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0aa95de40c2839d760b949b27cadb0586dff0400"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 385,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 255,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 453,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector SELFDESTRUCT reachable 45 no no
view
trace_id: 0x100f060c1601dcea1e85b8ffd28569548b320b8039cbb3a0efaa4027c3e0209c
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 4,
    "trace_id": "0x100f060c1601dcea1e85b8ffd28569548b320b8039cbb3a0efaa4027c3e0209c",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 255,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 453,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "selfdestruct_count": 1
}