TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-4fec-7029-a962-c8a1933c95f0

complete
Chain ID
1
Address
0x52e2a44945f28ee13ec7fcb9c44573f1de87f2f5
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
7593 artifact.fetch complete 1 / 3 4 months ago
7594 tool.cast_disasm complete 1 / 3 4 months ago
82271 analysis.bundle complete 1 / 3 2 weeks ago
82272 capability.graph complete 1 / 3 2 weeks ago
82273 detector.run complete 1 / 3 2 weeks ago
82274 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
3
Total opcodes
382
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x4e71d92d
0000002e: EQ
0000002f: PUSH2 0x005a
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x590e1ae3
00000039: EQ
0000003a: PUSH2 0x0069
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0x5f8d96de
00000044: EQ
00000045: PUSH2 0x0078
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0xd7bb99ba
0000004f: EQ
00000050: PUSH2 0x009b
00000053: JUMPI
00000054: PUSH2 0x0058
00000057: JUMP
00000058: JUMPDEST
00000059: STOP
0000005a: JUMPDEST
0000005b: PUSH2 0x0067
0000005e: PUSH1 0x04
00000060: DUP1
00000061: POP
00000062: POP
00000063: PUSH2 0x00aa
00000066: JUMP
00000067: JUMPDEST
00000068: STOP
00000069: JUMPDEST
0000006a: PUSH2 0x0076
0000006d: PUSH1 0x04
0000006f: DUP1
00000070: POP
00000071: POP
00000072: PUSH2 0x017e
00000075: JUMP
00000076: JUMPDEST
00000077: STOP
00000078: JUMPDEST
00000079: PUSH2 0x0085
0000007c: PUSH1 0x04
0000007e: DUP1
0000007f: POP
00000080: POP
00000081: PUSH2 0x029a
00000084: JUMP
00000085: JUMPDEST
00000086: PUSH1 0x40
00000088: MLOAD
00000089: DUP1
0000008a: DUP3
0000008b: DUP2
0000008c: MSTORE
0000008d: PUSH1 0x20
0000008f: ADD
00000090: SWAP2
00000091: POP
00000092: POP
00000093: PUSH1 0x40
00000095: MLOAD
00000096: DUP1
00000097: SWAP2
00000098: SUB
00000099: SWAP1
0000009a: RETURN
0000009b: JUMPDEST
0000009c: PUSH2 0x00a8
0000009f: PUSH1 0x04
000000a1: DUP1
000000a2: POP
000000a3: POP
000000a4: PUSH2 0x02aa
000000a7: JUMP
000000a8: JUMPDEST
000000a9: STOP
000000aa: JUMPDEST
000000ab: PUSH1 0x02
000000ad: PUSH1 0x00
000000af: POP
000000b0: SLOAD
000000b1: TIMESTAMP
000000b2: GT
000000b3: DUP1
000000b4: ISZERO
000000b5: PUSH2 0x00da
000000b8: JUMPI
000000b9: POP
000000ba: PUSH1 0x00
000000bc: PUSH1 0x00
000000be: POP
000000bf: SLOAD
000000c0: ADDRESS
000000c1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d6: AND
000000d7: BALANCE
000000d8: LT
000000d9: ISZERO
000000da: JUMPDEST
000000db: ISZERO
000000dc: PUSH2 0x017b
000000df: JUMPI
000000e0: PUSH1 0x01
000000e2: PUSH1 0x00
000000e4: SWAP1
000000e5: SLOAD
000000e6: SWAP1
000000e7: PUSH2 0x0100
000000ea: EXP
000000eb: SWAP1
000000ec: DIV
000000ed: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000102: AND
00000103: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000118: AND
00000119: PUSH1 0x00
0000011b: ADDRESS
0000011c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000131: AND
00000132: BALANCE
00000133: PUSH1 0x40
00000135: MLOAD
00000136: DUP1
00000137: SWAP1
00000138: POP
00000139: PUSH1 0x00
0000013b: PUSH1 0x40
0000013d: MLOAD
0000013e: DUP1
0000013f: DUP4
00000140: SUB
00000141: DUP2
00000142: DUP6
00000143: DUP9
00000144: DUP9
00000145: CALL
00000146: SWAP4
00000147: POP
00000148: POP
00000149: POP
0000014a: POP
0000014b: POP
0000014c: PUSH32 0xee8bd2627aed9de724b2a6436eb39b6f0fb4cc3887341b3f8a72d9babec9eb64
0000016d: PUSH1 0x40
0000016f: MLOAD
00000170: DUP1
00000171: SWAP1
00000172: POP
00000173: PUSH1 0x40
00000175: MLOAD
00000176: DUP1
00000177: SWAP2
00000178: SUB
00000179: SWAP1
0000017a: LOG1
0000017b: JUMPDEST
0000017c: JUMPDEST
0000017d: JUMP
0000017e: JUMPDEST
0000017f: PUSH1 0x02
00000181: PUSH1 0x00
00000183: POP
00000184: SLOAD
00000185: TIMESTAMP
00000186: GT
00000187: DUP1
00000188: ISZERO
00000189: PUSH2 0x01ad
0000018c: JUMPI
0000018d: POP
0000018e: PUSH1 0x00
00000190: PUSH1 0x00
00000192: POP
00000193: SLOAD
00000194: ADDRESS
00000195: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001aa: AND
000001ab: BALANCE
000001ac: LT
000001ad: JUMPDEST
000001ae: ISZERO
000001af: PUSH2 0x0297
000001b2: JUMPI
000001b3: CALLER
000001b4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001c9: AND
000001ca: PUSH1 0x00
000001cc: PUSH1 0x03
000001ce: PUSH1 0x00
000001d0: POP
000001d1: PUSH1 0x00
000001d3: CALLER
000001d4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001e9: AND
000001ea: DUP2
000001eb: MSTORE
000001ec: PUSH1 0x20
000001ee: ADD
000001ef: SWAP1
000001f0: DUP2
000001f1: MSTORE
000001f2: PUSH1 0x20
000001f4: ADD
000001f5: PUSH1 0x00
000001f7: KECCAK256
000001f8: PUSH1 0x00
000001fa: POP
000001fb: SLOAD
000001fc: PUSH1 0x40
000001fe: MLOAD
000001ff: DUP1
00000200: SWAP1
00000201: POP
00000202: PUSH1 0x00
00000204: PUSH1 0x40
00000206: MLOAD
00000207: DUP1
00000208: DUP4
00000209: SUB
0000020a: DUP2
0000020b: DUP6
0000020c: DUP9
0000020d: DUP9
0000020e: CALL
0000020f: SWAP4
00000210: POP
00000211: POP
00000212: POP
00000213: POP
00000214: POP
00000215: PUSH32 0xa106080046e721a64324bdde8bc3488902e644ecc9f2e01c2db2c65debf6fa2e
00000236: CALLER
00000237: PUSH1 0x40
00000239: MLOAD
0000023a: DUP1
0000023b: DUP3
0000023c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000251: AND
00000252: DUP2
00000253: MSTORE
00000254: PUSH1 0x20
00000256: ADD
00000257: SWAP2
00000258: POP
00000259: POP
0000025a: PUSH1 0x40
0000025c: MLOAD
0000025d: DUP1
0000025e: SWAP2
0000025f: SUB
00000260: SWAP1
00000261: LOG1
00000262: PUSH1 0x00
00000264: PUSH1 0x03
00000266: PUSH1 0x00
00000268: POP
00000269: PUSH1 0x00
0000026b: CALLER
0000026c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000281: AND
00000282: DUP2
00000283: MSTORE
00000284: PUSH1 0x20
00000286: ADD
00000287: SWAP1
00000288: DUP2
00000289: MSTORE
0000028a: PUSH1 0x20
0000028c: ADD
0000028d: PUSH1 0x00
0000028f: KECCAK256
00000290: PUSH1 0x00
00000292: POP
00000293: DUP2
00000294: SWAP1
00000295: SSTORE
00000296: POP
00000297: JUMPDEST
00000298: JUMPDEST
00000299: JUMP
0000029a: JUMPDEST
0000029b: PUSH1 0x00
0000029d: PUSH1 0x02
0000029f: PUSH1 0x00
000002a1: POP
000002a2: SLOAD
000002a3: SWAP1
000002a4: POP
000002a5: DUP1
000002a6: POP
000002a7: JUMPDEST
000002a8: SWAP1
000002a9: JUMP
000002aa: JUMPDEST
000002ab: PUSH1 0x02
000002ad: PUSH1 0x00
000002af: POP
000002b0: SLOAD
000002b1: TIMESTAMP
000002b2: GT
000002b3: ISZERO
000002b4: ISZERO
000002b5: PUSH2 0x034a
000002b8: JUMPI
000002b9: CALLVALUE
000002ba: PUSH1 0x03
000002bc: PUSH1 0x00
000002be: POP
000002bf: PUSH1 0x00
000002c1: CALLER
000002c2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002d7: AND
000002d8: DUP2
000002d9: MSTORE
000002da: PUSH1 0x20
000002dc: ADD
000002dd: SWAP1
000002de: DUP2
000002df: MSTORE
000002e0: PUSH1 0x20
000002e2: ADD
000002e3: PUSH1 0x00
000002e5: KECCAK256
000002e6: PUSH1 0x00
000002e8: DUP3
000002e9: DUP3
000002ea: DUP3
000002eb: POP
000002ec: SLOAD
000002ed: ADD
000002ee: SWAP3
000002ef: POP
000002f0: POP
000002f1: DUP2
000002f2: SWAP1
000002f3: SSTORE
000002f4: POP
000002f5: PUSH32 0x370510fa7e8c74204b8d2fd52b7a0837e535ea0c1491fd4e13730ce825e40524
00000316: CALLER
00000317: CALLVALUE
00000318: PUSH1 0x40
0000031a: MLOAD
0000031b: DUP1
0000031c: DUP4
0000031d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000332: AND
00000333: DUP2
00000334: MSTORE
00000335: PUSH1 0x20
00000337: ADD
00000338: DUP3
00000339: DUP2
0000033a: MSTORE
0000033b: PUSH1 0x20
0000033d: ADD
0000033e: SWAP3
0000033f: POP
00000340: POP
00000341: POP
00000342: PUSH1 0x40
00000344: MLOAD
00000345: DUP1
00000346: SWAP2
00000347: SUB
00000348: SWAP1
00000349: LOG1
0000034a: JUMPDEST
0000034b: JUMPDEST
0000034c: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xdb77f3e4a74e9afe09af2d228c31e81f6af11c3bd1b3b7c6a083bef4b3cddc66
call_targets: 0x52e2a44945f28ee13ec7fcb9c44573f1de87f2f5
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xdb77f3e4a74e9afe09af2d228c31e81f6af11c3bd1b3b7c6a083bef4b3cddc66",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x52e2a44945f28ee13ec7fcb9c44573f1de87f2f5"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x4e71d92d",
            "selector": "0x4e71d92d",
            "calldata_variants": [
                "0x4e71d92d",
                "0x4e71d92d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x590e1ae3",
            "selector": "0x590e1ae3",
            "calldata_variants": [
                "0x590e1ae3",
                "0x590e1ae30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5f8d96de",
            "selector": "0x5f8d96de",
            "calldata_variants": [
                "0x5f8d96de",
                "0x5f8d96de0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd7bb99ba",
            "selector": "0xd7bb99ba",
            "calldata_variants": [
                "0xd7bb99ba",
                "0xd7bb99ba0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 325,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 526,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xdb77f3e4a74e9afe09af2d228c31e81f6af11c3bd1b3b7c6a083bef4b3cddc66
call_targets: 0x52e2a44945f28ee13ec7fcb9c44573f1de87f2f5
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xdb77f3e4a74e9afe09af2d228c31e81f6af11c3bd1b3b7c6a083bef4b3cddc66",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x52e2a44945f28ee13ec7fcb9c44573f1de87f2f5"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x4e71d92d",
            "selector": "0x4e71d92d",
            "calldata_variants": [
                "0x4e71d92d",
                "0x4e71d92d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x590e1ae3",
            "selector": "0x590e1ae3",
            "calldata_variants": [
                "0x590e1ae3",
                "0x590e1ae30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5f8d96de",
            "selector": "0x5f8d96de",
            "calldata_variants": [
                "0x5f8d96de",
                "0x5f8d96de0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd7bb99ba",
            "selector": "0xd7bb99ba",
            "calldata_variants": [
                "0xd7bb99ba",
                "0xd7bb99ba0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 325,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 526,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}