TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-5b2d-724d-baca-081197790626

complete
Chain ID
1
Address
0x9f8d4420f9b86c26dcd38de61ea6041fc5a5017c
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
9011 artifact.fetch complete 1 / 3 4 months ago
9012 tool.cast_disasm complete 1 / 3 4 months ago
52352 analysis.bundle complete 1 / 3 2 weeks ago
52353 capability.graph complete 1 / 3 2 weeks ago
52354 detector.run complete 1 / 3 2 weeks ago
52355 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
4
EXT*/BALANCE
0
Total opcodes
271
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x001f
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x0f2c9329
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0028
0000001e: JUMPI
0000001f: JUMPDEST
00000020: PUSH2 0x0000
00000023: JUMPDEST
00000024: PUSH2 0x0002
00000027: JUMP
00000028: JUMPDEST
00000029: PUSH2 0x0040
0000002c: PUSH1 0x04
0000002e: CALLDATALOAD
0000002f: PUSH1 0x24
00000031: CALLDATALOAD
00000032: PUSH1 0x00
00000034: CALLVALUE
00000035: DUP2
00000036: SWAP1
00000037: GT
00000038: PUSH2 0x00e1
0000003b: JUMPI
0000003c: PUSH2 0x0002
0000003f: JUMP
00000040: JUMPDEST
00000041: PUSH1 0x40
00000043: DUP1
00000044: MLOAD
00000045: SWAP2
00000046: DUP3
00000047: MSTORE
00000048: MLOAD
00000049: SWAP1
0000004a: DUP2
0000004b: SWAP1
0000004c: SUB
0000004d: PUSH1 0x20
0000004f: ADD
00000050: SWAP1
00000051: RETURN
00000052: JUMPDEST
00000053: DUP1
00000054: SLOAD
00000055: PUSH32 0x16c7272100000000000000000000000000000000000000000000000000000000
00000076: PUSH1 0x60
00000078: SWAP1
00000079: DUP2
0000007a: MSTORE
0000007b: PUSH1 0x01
0000007d: PUSH1 0xa0
0000007f: PUSH1 0x02
00000081: EXP
00000082: SUB
00000083: SWAP2
00000084: SWAP1
00000085: SWAP2
00000086: AND
00000087: SWAP1
00000088: PUSH4 0x16c72721
0000008d: SWAP1
0000008e: PUSH1 0x64
00000090: SWAP1
00000091: PUSH1 0x20
00000093: SWAP1
00000094: PUSH1 0x04
00000096: DUP2
00000097: DUP8
00000098: DUP8
00000099: PUSH2 0x61da
0000009c: GAS
0000009d: SUB
0000009e: CALL
0000009f: ISZERO
000000a0: PUSH2 0x0002
000000a3: JUMPI
000000a4: POP
000000a5: POP
000000a6: PUSH1 0x40
000000a8: MLOAD
000000a9: MLOAD
000000aa: SWAP1
000000ab: POP
000000ac: DUP1
000000ad: ISZERO
000000ae: PUSH2 0x00d2
000000b1: JUMPI
000000b2: POP
000000b3: PUSH1 0x40
000000b5: MLOAD
000000b6: PUSH1 0x01
000000b8: PUSH1 0xa0
000000ba: PUSH1 0x02
000000bc: EXP
000000bd: SUB
000000be: DUP5
000000bf: AND
000000c0: SWAP1
000000c1: DUP3
000000c2: SWAP1
000000c3: CALLVALUE
000000c4: SWAP1
000000c5: DUP3
000000c6: DUP2
000000c7: DUP2
000000c8: DUP2
000000c9: DUP6
000000ca: DUP9
000000cb: DUP4
000000cc: CALL
000000cd: SWAP4
000000ce: POP
000000cf: POP
000000d0: POP
000000d1: POP
000000d2: JUMPDEST
000000d3: ISZERO
000000d4: PUSH2 0x010f
000000d7: JUMPI
000000d8: POP
000000d9: PUSH1 0x01
000000db: JUMPDEST
000000dc: SWAP3
000000dd: SWAP2
000000de: POP
000000df: POP
000000e0: JUMP
000000e1: JUMPDEST
000000e2: DUP3
000000e3: PUSH1 0x01
000000e5: PUSH1 0xa0
000000e7: PUSH1 0x02
000000e9: EXP
000000ea: SUB
000000eb: AND
000000ec: PUSH1 0x00
000000ee: EQ
000000ef: ISZERO
000000f0: PUSH2 0x00f8
000000f3: JUMPI
000000f4: PUSH2 0x0002
000000f7: JUMP
000000f8: JUMPDEST
000000f9: DUP2
000000fa: PUSH1 0x01
000000fc: PUSH1 0xa0
000000fe: PUSH1 0x02
00000100: EXP
00000101: SUB
00000102: AND
00000103: PUSH1 0x00
00000105: EQ
00000106: ISZERO
00000107: PUSH2 0x0052
0000010a: JUMPI
0000010b: PUSH2 0x0002
0000010e: JUMP
0000010f: JUMPDEST
00000110: PUSH1 0x00
00000112: PUSH1 0x00
00000114: SWAP1
00000115: SLOAD
00000116: SWAP1
00000117: PUSH2 0x0100
0000011a: EXP
0000011b: SWAP1
0000011c: DIV
0000011d: PUSH1 0x01
0000011f: PUSH1 0xa0
00000121: PUSH1 0x02
00000123: EXP
00000124: SUB
00000125: AND
00000126: PUSH1 0x01
00000128: PUSH1 0xa0
0000012a: PUSH1 0x02
0000012c: EXP
0000012d: SUB
0000012e: AND
0000012f: PUSH4 0x16c72721
00000134: PUSH1 0x40
00000136: MLOAD
00000137: DUP2
00000138: PUSH1 0xe0
0000013a: PUSH1 0x02
0000013c: EXP
0000013d: MUL
0000013e: DUP2
0000013f: MSTORE
00000140: PUSH1 0x04
00000142: ADD
00000143: DUP1
00000144: SWAP1
00000145: POP
00000146: PUSH1 0x20
00000148: PUSH1 0x40
0000014a: MLOAD
0000014b: DUP1
0000014c: DUP4
0000014d: SUB
0000014e: DUP2
0000014f: PUSH1 0x00
00000151: DUP8
00000152: PUSH2 0x61da
00000155: GAS
00000156: SUB
00000157: CALL
00000158: ISZERO
00000159: PUSH2 0x0002
0000015c: JUMPI
0000015d: POP
0000015e: POP
0000015f: PUSH1 0x40
00000161: MLOAD
00000162: MLOAD
00000163: ISZERO
00000164: SWAP1
00000165: POP
00000166: DUP1
00000167: ISZERO
00000168: PUSH2 0x018c
0000016b: JUMPI
0000016c: POP
0000016d: PUSH1 0x40
0000016f: MLOAD
00000170: PUSH1 0x01
00000172: PUSH1 0xa0
00000174: PUSH1 0x02
00000176: EXP
00000177: SUB
00000178: DUP4
00000179: AND
0000017a: SWAP1
0000017b: DUP3
0000017c: SWAP1
0000017d: CALLVALUE
0000017e: SWAP1
0000017f: DUP3
00000180: DUP2
00000181: DUP2
00000182: DUP2
00000183: DUP6
00000184: DUP9
00000185: DUP4
00000186: CALL
00000187: SWAP4
00000188: POP
00000189: POP
0000018a: POP
0000018b: POP
0000018c: JUMPDEST
0000018d: ISZERO
0000018e: PUSH2 0x0023
00000191: JUMPI
00000192: POP
00000193: PUSH1 0x01
00000195: PUSH2 0x00db
00000198: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x553bda6e8ce23c6e2d2ccdc92cf7085cf369dde20190ddb079f16d0168235d9b
call_targets: 0x9f8d4420f9b86c26dcd38de61ea6041fc5a5017c
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x553bda6e8ce23c6e2d2ccdc92cf7085cf369dde20190ddb079f16d0168235d9b",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x9f8d4420f9b86c26dcd38de61ea6041fc5a5017c"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0f2c9329",
            "selector": "0x0f2c9329",
            "calldata_variants": [
                "0x0f2c9329",
                "0x0f2c93290000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 158,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "storage-derived"
        },
        {
            "pc": 204,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 343,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 4,
    "guards_detected": [],
    "untrusted_call_count": 4
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x553bda6e8ce23c6e2d2ccdc92cf7085cf369dde20190ddb079f16d0168235d9b
call_targets: 0x9f8d4420f9b86c26dcd38de61ea6041fc5a5017c
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x553bda6e8ce23c6e2d2ccdc92cf7085cf369dde20190ddb079f16d0168235d9b",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x9f8d4420f9b86c26dcd38de61ea6041fc5a5017c"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0f2c9329",
            "selector": "0x0f2c9329",
            "calldata_variants": [
                "0x0f2c9329",
                "0x0f2c93290000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 158,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "storage-derived"
        },
        {
            "pc": 204,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 343,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 4,
    "guards_detected": []
}