TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-5212-707b-8475-cd7df1b44031

complete
Chain ID
1
Address
0x56a0642291991b87ac8d2c82d0a078de92e3b5aa
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
7861 artifact.fetch complete 1 / 3 4 months ago
7862 tool.cast_disasm complete 1 / 3 4 months ago
81855 analysis.bundle complete 1 / 3 2 weeks ago
81856 capability.graph complete 1 / 3 2 weeks ago
81857 detector.run complete 1 / 3 2 weeks ago
81858 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
0
Total opcodes
366
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x8da5cb5b
0000002e: EQ
0000002f: PUSH2 0x004f
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x9f0b17e3
00000039: EQ
0000003a: PUSH2 0x0088
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0xf0350c04
00000044: EQ
00000045: PUSH2 0x00f0
00000048: JUMPI
00000049: PUSH2 0x004d
0000004c: JUMP
0000004d: JUMPDEST
0000004e: STOP
0000004f: JUMPDEST
00000050: PUSH2 0x005c
00000053: PUSH1 0x04
00000055: DUP1
00000056: POP
00000057: POP
00000058: PUSH2 0x0108
0000005b: JUMP
0000005c: JUMPDEST
0000005d: PUSH1 0x40
0000005f: MLOAD
00000060: DUP1
00000061: DUP3
00000062: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000077: AND
00000078: DUP2
00000079: MSTORE
0000007a: PUSH1 0x20
0000007c: ADD
0000007d: SWAP2
0000007e: POP
0000007f: POP
00000080: PUSH1 0x40
00000082: MLOAD
00000083: DUP1
00000084: SWAP2
00000085: SUB
00000086: SWAP1
00000087: RETURN
00000088: JUMPDEST
00000089: PUSH2 0x00ee
0000008c: PUSH1 0x04
0000008e: DUP1
0000008f: DUP1
00000090: CALLDATALOAD
00000091: SWAP1
00000092: PUSH1 0x20
00000094: ADD
00000095: SWAP1
00000096: SWAP2
00000097: SWAP1
00000098: DUP1
00000099: CALLDATALOAD
0000009a: SWAP1
0000009b: PUSH1 0x20
0000009d: ADD
0000009e: SWAP1
0000009f: SWAP2
000000a0: SWAP1
000000a1: DUP1
000000a2: CALLDATALOAD
000000a3: SWAP1
000000a4: PUSH1 0x20
000000a6: ADD
000000a7: SWAP1
000000a8: DUP3
000000a9: ADD
000000aa: DUP1
000000ab: CALLDATALOAD
000000ac: SWAP1
000000ad: PUSH1 0x20
000000af: ADD
000000b0: SWAP2
000000b1: SWAP2
000000b2: SWAP1
000000b3: DUP1
000000b4: DUP1
000000b5: PUSH1 0x1f
000000b7: ADD
000000b8: PUSH1 0x20
000000ba: DUP1
000000bb: SWAP2
000000bc: DIV
000000bd: MUL
000000be: PUSH1 0x20
000000c0: ADD
000000c1: PUSH1 0x40
000000c3: MLOAD
000000c4: SWAP1
000000c5: DUP2
000000c6: ADD
000000c7: PUSH1 0x40
000000c9: MSTORE
000000ca: DUP1
000000cb: SWAP4
000000cc: SWAP3
000000cd: SWAP2
000000ce: SWAP1
000000cf: DUP2
000000d0: DUP2
000000d1: MSTORE
000000d2: PUSH1 0x20
000000d4: ADD
000000d5: DUP4
000000d6: DUP4
000000d7: DUP1
000000d8: DUP3
000000d9: DUP5
000000da: CALLDATACOPY
000000db: DUP3
000000dc: ADD
000000dd: SWAP2
000000de: POP
000000df: POP
000000e0: POP
000000e1: POP
000000e2: POP
000000e3: POP
000000e4: SWAP1
000000e5: SWAP1
000000e6: SWAP2
000000e7: SWAP1
000000e8: POP
000000e9: POP
000000ea: PUSH2 0x012e
000000ed: JUMP
000000ee: JUMPDEST
000000ef: STOP
000000f0: JUMPDEST
000000f1: PUSH2 0x0106
000000f4: PUSH1 0x04
000000f6: DUP1
000000f7: DUP1
000000f8: CALLDATALOAD
000000f9: SWAP1
000000fa: PUSH1 0x20
000000fc: ADD
000000fd: SWAP1
000000fe: SWAP2
000000ff: SWAP1
00000100: POP
00000101: POP
00000102: PUSH2 0x024b
00000105: JUMP
00000106: JUMPDEST
00000107: STOP
00000108: JUMPDEST
00000109: PUSH1 0x00
0000010b: PUSH1 0x00
0000010d: SWAP1
0000010e: SLOAD
0000010f: SWAP1
00000110: PUSH2 0x0100
00000113: EXP
00000114: SWAP1
00000115: DIV
00000116: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000012b: AND
0000012c: DUP2
0000012d: JUMP
0000012e: JUMPDEST
0000012f: ADDRESS
00000130: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000145: AND
00000146: CALLER
00000147: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000015c: AND
0000015d: EQ
0000015e: DUP1
0000015f: PUSH2 0x01b5
00000162: JUMPI
00000163: POP
00000164: PUSH1 0x00
00000166: PUSH1 0x00
00000168: SWAP1
00000169: SLOAD
0000016a: SWAP1
0000016b: PUSH2 0x0100
0000016e: EXP
0000016f: SWAP1
00000170: DIV
00000171: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000186: AND
00000187: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000019c: AND
0000019d: CALLER
0000019e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001b3: AND
000001b4: EQ
000001b5: JUMPDEST
000001b6: ISZERO
000001b7: PUSH2 0x0245
000001ba: JUMPI
000001bb: DUP3
000001bc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d1: AND
000001d2: DUP3
000001d3: DUP3
000001d4: PUSH1 0x40
000001d6: MLOAD
000001d7: DUP1
000001d8: DUP3
000001d9: DUP1
000001da: MLOAD
000001db: SWAP1
000001dc: PUSH1 0x20
000001de: ADD
000001df: SWAP1
000001e0: DUP1
000001e1: DUP4
000001e2: DUP4
000001e3: DUP3
000001e4: SWAP1
000001e5: PUSH1 0x00
000001e7: PUSH1 0x04
000001e9: PUSH1 0x20
000001eb: DUP5
000001ec: PUSH1 0x1f
000001ee: ADD
000001ef: DIV
000001f0: PUSH1 0x0f
000001f2: MUL
000001f3: PUSH1 0x03
000001f5: ADD
000001f6: CALL
000001f7: POP
000001f8: SWAP1
000001f9: POP
000001fa: SWAP1
000001fb: DUP2
000001fc: ADD
000001fd: SWAP1
000001fe: PUSH1 0x1f
00000200: AND
00000201: DUP1
00000202: ISZERO
00000203: PUSH2 0x0220
00000206: JUMPI
00000207: DUP1
00000208: DUP3
00000209: SUB
0000020a: DUP1
0000020b: MLOAD
0000020c: PUSH1 0x01
0000020e: DUP4
0000020f: PUSH1 0x20
00000211: SUB
00000212: PUSH2 0x0100
00000215: EXP
00000216: SUB
00000217: NOT
00000218: AND
00000219: DUP2
0000021a: MSTORE
0000021b: PUSH1 0x20
0000021d: ADD
0000021e: SWAP2
0000021f: POP
00000220: JUMPDEST
00000221: POP
00000222: SWAP2
00000223: POP
00000224: POP
00000225: PUSH1 0x00
00000227: PUSH1 0x40
00000229: MLOAD
0000022a: DUP1
0000022b: DUP4
0000022c: SUB
0000022d: DUP2
0000022e: DUP6
0000022f: DUP8
00000230: PUSH2 0x8502
00000233: GAS
00000234: SUB
00000235: CALL
00000236: SWAP3
00000237: POP
00000238: POP
00000239: POP
0000023a: ISZERO
0000023b: ISZERO
0000023c: PUSH2 0x0244
0000023f: JUMPI
00000240: PUSH2 0x0002
00000243: JUMP
00000244: JUMPDEST
00000245: JUMPDEST
00000246: JUMPDEST
00000247: POP
00000248: POP
00000249: POP
0000024a: JUMP
0000024b: JUMPDEST
0000024c: ADDRESS
0000024d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000262: AND
00000263: CALLER
00000264: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000279: AND
0000027a: EQ
0000027b: DUP1
0000027c: PUSH2 0x02d2
0000027f: JUMPI
00000280: POP
00000281: PUSH1 0x00
00000283: PUSH1 0x00
00000285: SWAP1
00000286: SLOAD
00000287: SWAP1
00000288: PUSH2 0x0100
0000028b: EXP
0000028c: SWAP1
0000028d: DIV
0000028e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002a3: AND
000002a4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002b9: AND
000002ba: CALLER
000002bb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002d0: AND
000002d1: EQ
000002d2: JUMPDEST
000002d3: ISZERO
000002d4: PUSH2 0x0303
000002d7: JUMPI
000002d8: DUP1
000002d9: PUSH1 0x00
000002db: PUSH1 0x00
000002dd: PUSH2 0x0100
000002e0: EXP
000002e1: DUP2
000002e2: SLOAD
000002e3: DUP2
000002e4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002f9: MUL
000002fa: NOT
000002fb: AND
000002fc: SWAP1
000002fd: DUP4
000002fe: MUL
000002ff: OR
00000300: SWAP1
00000301: SSTORE
00000302: POP
00000303: JUMPDEST
00000304: JUMPDEST
00000305: POP
00000306: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0xc0007459ae6caa43fb03bf5d2050e2b802fe517aa196a6b27ff79f65ae8d997f
call_targets: 0x56a0642291991b87ac8d2c82d0a078de92e3b5aa
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc0007459ae6caa43fb03bf5d2050e2b802fe517aa196a6b27ff79f65ae8d997f",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x56a0642291991b87ac8d2c82d0a078de92e3b5aa"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9f0b17e3",
            "selector": "0x9f0b17e3",
            "calldata_variants": [
                "0x9f0b17e3",
                "0x9f0b17e30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf0350c04",
            "selector": "0xf0350c04",
            "calldata_variants": [
                "0xf0350c04",
                "0xf0350c040000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 502,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 565,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [
        {
            "pc": 326,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 413,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 611,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 698,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 2
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0xc0007459ae6caa43fb03bf5d2050e2b802fe517aa196a6b27ff79f65ae8d997f
call_targets: 0x56a0642291991b87ac8d2c82d0a078de92e3b5aa
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc0007459ae6caa43fb03bf5d2050e2b802fe517aa196a6b27ff79f65ae8d997f",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x56a0642291991b87ac8d2c82d0a078de92e3b5aa"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9f0b17e3",
            "selector": "0x9f0b17e3",
            "calldata_variants": [
                "0x9f0b17e3",
                "0x9f0b17e30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf0350c04",
            "selector": "0xf0350c04",
            "calldata_variants": [
                "0xf0350c04",
                "0xf0350c040000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 502,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 565,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": [
        {
            "pc": 326,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 413,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 611,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 698,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}