TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-5a3b-70e8-a791-3c8082095a40

complete
Chain ID
1
Address
0x890b0f3f7b2917f7d5859bc68e6c6eea1026ba90
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
8885 artifact.fetch complete 1 / 3 4 months ago
8886 tool.cast_disasm complete 1 / 3 4 months ago
52004 analysis.bundle complete 1 / 3 2 weeks ago
52005 capability.graph complete 1 / 3 2 weeks ago
52006 detector.run complete 1 / 3 2 weeks ago
52007 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
3
Total opcodes
509
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x29dcb0cf
0000002e: EQ
0000002f: PUSH2 0x005a
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x590e1ae3
00000039: EQ
0000003a: PUSH2 0x007d
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0xb60d4288
00000044: EQ
00000045: PUSH2 0x008c
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0xe5225381
0000004f: EQ
00000050: PUSH2 0x009b
00000053: JUMPI
00000054: PUSH2 0x0058
00000057: JUMP
00000058: JUMPDEST
00000059: STOP
0000005a: JUMPDEST
0000005b: PUSH2 0x0067
0000005e: PUSH1 0x04
00000060: DUP1
00000061: POP
00000062: POP
00000063: PUSH2 0x00aa
00000066: JUMP
00000067: JUMPDEST
00000068: PUSH1 0x40
0000006a: MLOAD
0000006b: DUP1
0000006c: DUP3
0000006d: DUP2
0000006e: MSTORE
0000006f: PUSH1 0x20
00000071: ADD
00000072: SWAP2
00000073: POP
00000074: POP
00000075: PUSH1 0x40
00000077: MLOAD
00000078: DUP1
00000079: SWAP2
0000007a: SUB
0000007b: SWAP1
0000007c: RETURN
0000007d: JUMPDEST
0000007e: PUSH2 0x008a
00000081: PUSH1 0x04
00000083: DUP1
00000084: POP
00000085: POP
00000086: PUSH2 0x00b3
00000089: JUMP
0000008a: JUMPDEST
0000008b: STOP
0000008c: JUMPDEST
0000008d: PUSH2 0x0099
00000090: PUSH1 0x04
00000092: DUP1
00000093: POP
00000094: POP
00000095: PUSH2 0x01ca
00000098: JUMP
00000099: JUMPDEST
0000009a: STOP
0000009b: JUMPDEST
0000009c: PUSH2 0x00a8
0000009f: PUSH1 0x04
000000a1: DUP1
000000a2: POP
000000a3: POP
000000a4: PUSH2 0x02d7
000000a7: JUMP
000000a8: JUMPDEST
000000a9: STOP
000000aa: JUMPDEST
000000ab: PUSH1 0x02
000000ad: PUSH1 0x00
000000af: POP
000000b0: SLOAD
000000b1: DUP2
000000b2: JUMP
000000b3: JUMPDEST
000000b4: PUSH1 0x00
000000b6: PUSH1 0x02
000000b8: PUSH1 0x00
000000ba: POP
000000bb: SLOAD
000000bc: TIMESTAMP
000000bd: GT
000000be: DUP1
000000bf: ISZERO
000000c0: PUSH2 0x00e4
000000c3: JUMPI
000000c4: POP
000000c5: PUSH1 0x01
000000c7: PUSH1 0x00
000000c9: POP
000000ca: SLOAD
000000cb: ADDRESS
000000cc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000e1: AND
000000e2: BALANCE
000000e3: LT
000000e4: JUMPDEST
000000e5: ISZERO
000000e6: PUSH2 0x01c6
000000e9: JUMPI
000000ea: PUSH1 0x04
000000ec: PUSH1 0x00
000000ee: POP
000000ef: SLOAD
000000f0: SWAP1
000000f1: POP
000000f2: JUMPDEST
000000f3: PUSH1 0x00
000000f5: PUSH1 0x00
000000f7: POP
000000f8: DUP1
000000f9: SLOAD
000000fa: SWAP1
000000fb: POP
000000fc: DUP2
000000fd: LT
000000fe: DUP1
000000ff: ISZERO
00000100: PUSH2 0x010b
00000103: JUMPI
00000104: POP
00000105: PUSH3 0x030d40
00000109: GAS
0000010a: GT
0000010b: JUMPDEST
0000010c: ISZERO
0000010d: PUSH2 0x01bb
00000110: JUMPI
00000111: PUSH1 0x00
00000113: PUSH1 0x00
00000115: POP
00000116: DUP2
00000117: DUP2
00000118: SLOAD
00000119: DUP2
0000011a: LT
0000011b: ISZERO
0000011c: PUSH2 0x0002
0000011f: JUMPI
00000120: SWAP1
00000121: PUSH1 0x00
00000123: MSTORE
00000124: PUSH1 0x20
00000126: PUSH1 0x00
00000128: KECCAK256
00000129: SWAP1
0000012a: PUSH1 0x02
0000012c: MUL
0000012d: ADD
0000012e: PUSH1 0x00
00000130: JUMPDEST
00000131: POP
00000132: PUSH1 0x00
00000134: ADD
00000135: PUSH1 0x00
00000137: SWAP1
00000138: SLOAD
00000139: SWAP1
0000013a: PUSH2 0x0100
0000013d: EXP
0000013e: SWAP1
0000013f: DIV
00000140: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000155: AND
00000156: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000016b: AND
0000016c: PUSH1 0x00
0000016e: PUSH1 0x00
00000170: PUSH1 0x00
00000172: POP
00000173: DUP4
00000174: DUP2
00000175: SLOAD
00000176: DUP2
00000177: LT
00000178: ISZERO
00000179: PUSH2 0x0002
0000017c: JUMPI
0000017d: SWAP1
0000017e: PUSH1 0x00
00000180: MSTORE
00000181: PUSH1 0x20
00000183: PUSH1 0x00
00000185: KECCAK256
00000186: SWAP1
00000187: PUSH1 0x02
00000189: MUL
0000018a: ADD
0000018b: PUSH1 0x00
0000018d: JUMPDEST
0000018e: POP
0000018f: PUSH1 0x01
00000191: ADD
00000192: PUSH1 0x00
00000194: POP
00000195: SLOAD
00000196: PUSH1 0x40
00000198: MLOAD
00000199: DUP1
0000019a: SWAP1
0000019b: POP
0000019c: PUSH1 0x00
0000019e: PUSH1 0x40
000001a0: MLOAD
000001a1: DUP1
000001a2: DUP4
000001a3: SUB
000001a4: DUP2
000001a5: DUP6
000001a6: DUP9
000001a7: DUP9
000001a8: CALL
000001a9: SWAP4
000001aa: POP
000001ab: POP
000001ac: POP
000001ad: POP
000001ae: POP
000001af: DUP1
000001b0: DUP1
000001b1: PUSH1 0x01
000001b3: ADD
000001b4: SWAP2
000001b5: POP
000001b6: POP
000001b7: PUSH2 0x00f2
000001ba: JUMP
000001bb: JUMPDEST
000001bc: DUP1
000001bd: PUSH1 0x04
000001bf: PUSH1 0x00
000001c1: POP
000001c2: DUP2
000001c3: SWAP1
000001c4: SSTORE
000001c5: POP
000001c6: JUMPDEST
000001c7: JUMPDEST
000001c8: POP
000001c9: JUMP
000001ca: JUMPDEST
000001cb: PUSH1 0x02
000001cd: PUSH1 0x00
000001cf: POP
000001d0: SLOAD
000001d1: TIMESTAMP
000001d2: GT
000001d3: ISZERO
000001d4: PUSH2 0x01dc
000001d7: JUMPI
000001d8: PUSH2 0x0002
000001db: JUMP
000001dc: JUMPDEST
000001dd: PUSH1 0x00
000001df: PUSH1 0x00
000001e1: POP
000001e2: DUP1
000001e3: SLOAD
000001e4: DUP1
000001e5: PUSH1 0x01
000001e7: ADD
000001e8: DUP3
000001e9: DUP2
000001ea: DUP2
000001eb: SLOAD
000001ec: DUP2
000001ed: DUP4
000001ee: SSTORE
000001ef: DUP2
000001f0: DUP2
000001f1: ISZERO
000001f2: GT
000001f3: PUSH2 0x025f
000001f6: JUMPI
000001f7: PUSH1 0x02
000001f9: MUL
000001fa: DUP2
000001fb: PUSH1 0x02
000001fd: MUL
000001fe: DUP4
000001ff: PUSH1 0x00
00000201: MSTORE
00000202: PUSH1 0x20
00000204: PUSH1 0x00
00000206: KECCAK256
00000207: SWAP2
00000208: DUP3
00000209: ADD
0000020a: SWAP2
0000020b: ADD
0000020c: PUSH2 0x025e
0000020f: SWAP2
00000210: SWAP1
00000211: PUSH2 0x0215
00000214: JUMP
00000215: JUMPDEST
00000216: DUP1
00000217: DUP3
00000218: GT
00000219: ISZERO
0000021a: PUSH2 0x025a
0000021d: JUMPI
0000021e: PUSH1 0x00
00000220: PUSH1 0x00
00000222: DUP3
00000223: ADD
00000224: PUSH1 0x00
00000226: PUSH2 0x0100
00000229: EXP
0000022a: DUP2
0000022b: SLOAD
0000022c: SWAP1
0000022d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000242: MUL
00000243: NOT
00000244: AND
00000245: SWAP1
00000246: SSTORE
00000247: PUSH1 0x01
00000249: DUP3
0000024a: ADD
0000024b: PUSH1 0x00
0000024d: POP
0000024e: PUSH1 0x00
00000250: SWAP1
00000251: SSTORE
00000252: POP
00000253: PUSH1 0x02
00000255: ADD
00000256: PUSH2 0x0215
00000259: JUMP
0000025a: JUMPDEST
0000025b: POP
0000025c: SWAP1
0000025d: JUMP
0000025e: JUMPDEST
0000025f: JUMPDEST
00000260: POP
00000261: POP
00000262: POP
00000263: SWAP2
00000264: SWAP1
00000265: SWAP1
00000266: PUSH1 0x00
00000268: MSTORE
00000269: PUSH1 0x20
0000026b: PUSH1 0x00
0000026d: KECCAK256
0000026e: SWAP1
0000026f: PUSH1 0x02
00000271: MUL
00000272: ADD
00000273: PUSH1 0x00
00000275: JUMPDEST
00000276: PUSH1 0x40
00000278: PUSH1 0x40
0000027a: MLOAD
0000027b: SWAP1
0000027c: DUP2
0000027d: ADD
0000027e: PUSH1 0x40
00000280: MSTORE
00000281: DUP1
00000282: CALLER
00000283: DUP2
00000284: MSTORE
00000285: PUSH1 0x20
00000287: ADD
00000288: CALLVALUE
00000289: DUP2
0000028a: MSTORE
0000028b: PUSH1 0x20
0000028d: ADD
0000028e: POP
0000028f: SWAP1
00000290: SWAP2
00000291: SWAP1
00000292: SWAP2
00000293: POP
00000294: PUSH1 0x00
00000296: DUP3
00000297: ADD
00000298: MLOAD
00000299: DUP2
0000029a: PUSH1 0x00
0000029c: ADD
0000029d: PUSH1 0x00
0000029f: PUSH2 0x0100
000002a2: EXP
000002a3: DUP2
000002a4: SLOAD
000002a5: DUP2
000002a6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002bb: MUL
000002bc: NOT
000002bd: AND
000002be: SWAP1
000002bf: DUP4
000002c0: MUL
000002c1: OR
000002c2: SWAP1
000002c3: SSTORE
000002c4: POP
000002c5: PUSH1 0x20
000002c7: DUP3
000002c8: ADD
000002c9: MLOAD
000002ca: DUP2
000002cb: PUSH1 0x01
000002cd: ADD
000002ce: PUSH1 0x00
000002d0: POP
000002d1: SSTORE
000002d2: POP
000002d3: POP
000002d4: POP
000002d5: JUMPDEST
000002d6: JUMP
000002d7: JUMPDEST
000002d8: PUSH1 0x02
000002da: PUSH1 0x00
000002dc: POP
000002dd: SLOAD
000002de: TIMESTAMP
000002df: GT
000002e0: DUP1
000002e1: ISZERO
000002e2: PUSH2 0x0307
000002e5: JUMPI
000002e6: POP
000002e7: PUSH1 0x01
000002e9: PUSH1 0x00
000002eb: POP
000002ec: SLOAD
000002ed: ADDRESS
000002ee: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000303: AND
00000304: BALANCE
00000305: LT
00000306: ISZERO
00000307: JUMPDEST
00000308: ISZERO
00000309: PUSH2 0x0379
0000030c: JUMPI
0000030d: PUSH1 0x03
0000030f: PUSH1 0x00
00000311: SWAP1
00000312: SLOAD
00000313: SWAP1
00000314: PUSH2 0x0100
00000317: EXP
00000318: SWAP1
00000319: DIV
0000031a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000032f: AND
00000330: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000345: AND
00000346: PUSH1 0x00
00000348: ADDRESS
00000349: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000035e: AND
0000035f: BALANCE
00000360: PUSH1 0x40
00000362: MLOAD
00000363: DUP1
00000364: SWAP1
00000365: POP
00000366: PUSH1 0x00
00000368: PUSH1 0x40
0000036a: MLOAD
0000036b: DUP1
0000036c: DUP4
0000036d: SUB
0000036e: DUP2
0000036f: DUP6
00000370: DUP9
00000371: DUP9
00000372: CALL
00000373: SWAP4
00000374: POP
00000375: POP
00000376: POP
00000377: POP
00000378: POP
00000379: JUMPDEST
0000037a: JUMPDEST
0000037b: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xc9b7a8664da06036ad88b35f4ff1fe96f8c298d6b92efba59f9605091343696b
call_targets: 0x890b0f3f7b2917f7d5859bc68e6c6eea1026ba90
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc9b7a8664da06036ad88b35f4ff1fe96f8c298d6b92efba59f9605091343696b",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x890b0f3f7b2917f7d5859bc68e6c6eea1026ba90"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x29dcb0cf",
            "selector": "0x29dcb0cf",
            "calldata_variants": [
                "0x29dcb0cf",
                "0x29dcb0cf0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x590e1ae3",
            "selector": "0x590e1ae3",
            "calldata_variants": [
                "0x590e1ae3",
                "0x590e1ae30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb60d4288",
            "selector": "0xb60d4288",
            "calldata_variants": [
                "0xb60d4288",
                "0xb60d42880000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 424,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 882,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xc9b7a8664da06036ad88b35f4ff1fe96f8c298d6b92efba59f9605091343696b
call_targets: 0x890b0f3f7b2917f7d5859bc68e6c6eea1026ba90
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc9b7a8664da06036ad88b35f4ff1fe96f8c298d6b92efba59f9605091343696b",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x890b0f3f7b2917f7d5859bc68e6c6eea1026ba90"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x29dcb0cf",
            "selector": "0x29dcb0cf",
            "calldata_variants": [
                "0x29dcb0cf",
                "0x29dcb0cf0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x590e1ae3",
            "selector": "0x590e1ae3",
            "calldata_variants": [
                "0x590e1ae3",
                "0x590e1ae30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb60d4288",
            "selector": "0xb60d4288",
            "calldata_variants": [
                "0xb60d4288",
                "0xb60d42880000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 424,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 882,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}