Analysis Run

019b3836-5db5-702b-837c-79d797c0e4db

complete

Chain ID

1

Address

0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9

Block Number

—

Created

Fri, Dec 19, 2025 8:04 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted CALL target/value reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
9373	artifact.fetch	complete	1 / 3	4 months ago
9374	tool.cast_disasm	complete	1 / 3	4 months ago
82752	analysis.bundle	complete	1 / 3	2 weeks ago
82753	capability.graph	complete	1 / 3	2 weeks ago
82754	detector.run	complete	1 / 3	2 weeks ago
82755	validation.fork	complete	1 / 3	2 weeks ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

2

EXT*/BALANCE

0

Total opcodes

360

Flags

No heuristic flags raised.

View cast disassembly output

00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x123119cd
0000002e: EQ
0000002f: PUSH2 0x0068
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x37bdc99b
00000039: EQ
0000003a: PUSH2 0x00a6
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0x42966c68
00000044: EQ
00000045: PUSH2 0x00c3
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0x66d003ac
0000004f: EQ
00000050: PUSH2 0x00e0
00000053: JUMPI
00000054: DUP1
00000055: PUSH4 0x70d5ae05
0000005a: EQ
0000005b: PUSH2 0x011e
0000005e: JUMPI
0000005f: PUSH2 0x0063
00000062: JUMP
00000063: JUMPDEST
00000064: PUSH2 0x0002
00000067: JUMP
00000068: JUMPDEST
00000069: CALLVALUE
0000006a: PUSH2 0x0002
0000006d: JUMPI
0000006e: PUSH2 0x007a
00000071: PUSH1 0x04
00000073: DUP1
00000074: POP
00000075: POP
00000076: PUSH2 0x015c
00000079: JUMP
0000007a: JUMPDEST
0000007b: PUSH1 0x40
0000007d: MLOAD
0000007e: DUP1
0000007f: DUP3
00000080: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000095: AND
00000096: DUP2
00000097: MSTORE
00000098: PUSH1 0x20
0000009a: ADD
0000009b: SWAP2
0000009c: POP
0000009d: POP
0000009e: PUSH1 0x40
000000a0: MLOAD
000000a1: DUP1
000000a2: SWAP2
000000a3: SUB
000000a4: SWAP1
000000a5: RETURN
000000a6: JUMPDEST
000000a7: CALLVALUE
000000a8: PUSH2 0x0002
000000ab: JUMPI
000000ac: PUSH2 0x00c1
000000af: PUSH1 0x04
000000b1: DUP1
000000b2: DUP1
000000b3: CALLDATALOAD
000000b4: SWAP1
000000b5: PUSH1 0x20
000000b7: ADD
000000b8: SWAP1
000000b9: SWAP2
000000ba: SWAP1
000000bb: POP
000000bc: POP
000000bd: PUSH2 0x0182
000000c0: JUMP
000000c1: JUMPDEST
000000c2: STOP
000000c3: JUMPDEST
000000c4: CALLVALUE
000000c5: PUSH2 0x0002
000000c8: JUMPI
000000c9: PUSH2 0x00de
000000cc: PUSH1 0x04
000000ce: DUP1
000000cf: DUP1
000000d0: CALLDATALOAD
000000d1: SWAP1
000000d2: PUSH1 0x20
000000d4: ADD
000000d5: SWAP1
000000d6: SWAP2
000000d7: SWAP1
000000d8: POP
000000d9: POP
000000da: PUSH2 0x023e
000000dd: JUMP
000000de: JUMPDEST
000000df: STOP
000000e0: JUMPDEST
000000e1: CALLVALUE
000000e2: PUSH2 0x0002
000000e5: JUMPI
000000e6: PUSH2 0x00f2
000000e9: PUSH1 0x04
000000eb: DUP1
000000ec: POP
000000ed: POP
000000ee: PUSH2 0x02fa
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH1 0x40
000000f5: MLOAD
000000f6: DUP1
000000f7: DUP3
000000f8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000010d: AND
0000010e: DUP2
0000010f: MSTORE
00000110: PUSH1 0x20
00000112: ADD
00000113: SWAP2
00000114: POP
00000115: POP
00000116: PUSH1 0x40
00000118: MLOAD
00000119: DUP1
0000011a: SWAP2
0000011b: SUB
0000011c: SWAP1
0000011d: RETURN
0000011e: JUMPDEST
0000011f: CALLVALUE
00000120: PUSH2 0x0002
00000123: JUMPI
00000124: PUSH2 0x0130
00000127: PUSH1 0x04
00000129: DUP1
0000012a: POP
0000012b: POP
0000012c: PUSH2 0x0320
0000012f: JUMP
00000130: JUMPDEST
00000131: PUSH1 0x40
00000133: MLOAD
00000134: DUP1
00000135: DUP3
00000136: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000014b: AND
0000014c: DUP2
0000014d: MSTORE
0000014e: PUSH1 0x20
00000150: ADD
00000151: SWAP2
00000152: POP
00000153: POP
00000154: PUSH1 0x40
00000156: MLOAD
00000157: DUP1
00000158: SWAP2
00000159: SUB
0000015a: SWAP1
0000015b: RETURN
0000015c: JUMPDEST
0000015d: PUSH1 0x00
0000015f: PUSH1 0x00
00000161: SWAP1
00000162: SLOAD
00000163: SWAP1
00000164: PUSH2 0x0100
00000167: EXP
00000168: SWAP1
00000169: DIV
0000016a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000017f: AND
00000180: DUP2
00000181: JUMP
00000182: JUMPDEST
00000183: PUSH1 0x00
00000185: PUSH1 0x00
00000187: SWAP1
00000188: SLOAD
00000189: SWAP1
0000018a: PUSH2 0x0100
0000018d: EXP
0000018e: SWAP1
0000018f: DIV
00000190: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001a5: AND
000001a6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001bb: AND
000001bc: CALLER
000001bd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d2: AND
000001d3: EQ
000001d4: ISZERO
000001d5: ISZERO
000001d6: PUSH2 0x01de
000001d9: JUMPI
000001da: PUSH2 0x0002
000001dd: JUMP
000001de: JUMPDEST
000001df: PUSH1 0x01
000001e1: PUSH1 0x00
000001e3: SWAP1
000001e4: SLOAD
000001e5: SWAP1
000001e6: PUSH2 0x0100
000001e9: EXP
000001ea: SWAP1
000001eb: DIV
000001ec: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000201: AND
00000202: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000217: AND
00000218: PUSH2 0x08fc
0000021b: DUP3
0000021c: SWAP1
0000021d: DUP2
0000021e: ISZERO
0000021f: MUL
00000220: SWAP1
00000221: PUSH1 0x40
00000223: MLOAD
00000224: DUP1
00000225: SWAP1
00000226: POP
00000227: PUSH1 0x00
00000229: PUSH1 0x40
0000022b: MLOAD
0000022c: DUP1
0000022d: DUP4
0000022e: SUB
0000022f: DUP2
00000230: DUP6
00000231: DUP9
00000232: DUP9
00000233: CALL
00000234: SWAP4
00000235: POP
00000236: POP
00000237: POP
00000238: POP
00000239: POP
0000023a: JUMPDEST
0000023b: JUMPDEST
0000023c: POP
0000023d: JUMP
0000023e: JUMPDEST
0000023f: PUSH1 0x00
00000241: PUSH1 0x00
00000243: SWAP1
00000244: SLOAD
00000245: SWAP1
00000246: PUSH2 0x0100
00000249: EXP
0000024a: SWAP1
0000024b: DIV
0000024c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000261: AND
00000262: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000277: AND
00000278: CALLER
00000279: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000028e: AND
0000028f: EQ
00000290: ISZERO
00000291: ISZERO
00000292: PUSH2 0x029a
00000295: JUMPI
00000296: PUSH2 0x0002
00000299: JUMP
0000029a: JUMPDEST
0000029b: PUSH1 0x02
0000029d: PUSH1 0x00
0000029f: SWAP1
000002a0: SLOAD
000002a1: SWAP1
000002a2: PUSH2 0x0100
000002a5: EXP
000002a6: SWAP1
000002a7: DIV
000002a8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002bd: AND
000002be: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002d3: AND
000002d4: PUSH2 0x08fc
000002d7: DUP3
000002d8: SWAP1
000002d9: DUP2
000002da: ISZERO
000002db: MUL
000002dc: SWAP1
000002dd: PUSH1 0x40
000002df: MLOAD
000002e0: DUP1
000002e1: SWAP1
000002e2: POP
000002e3: PUSH1 0x00
000002e5: PUSH1 0x40
000002e7: MLOAD
000002e8: DUP1
000002e9: DUP4
000002ea: SUB
000002eb: DUP2
000002ec: DUP6
000002ed: DUP9
000002ee: DUP9
000002ef: CALL
000002f0: SWAP4
000002f1: POP
000002f2: POP
000002f3: POP
000002f4: POP
000002f5: POP
000002f6: JUMPDEST
000002f7: JUMPDEST
000002f8: POP
000002f9: JUMP
000002fa: JUMPDEST
000002fb: PUSH1 0x01
000002fd: PUSH1 0x00
000002ff: SWAP1
00000300: SLOAD
00000301: SWAP1
00000302: PUSH2 0x0100
00000305: EXP
00000306: SWAP1
00000307: DIV
00000308: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000031d: AND
0000031e: DUP2
0000031f: JUMP
00000320: JUMPDEST
00000321: PUSH1 0x02
00000323: PUSH1 0x00
00000325: SWAP1
00000326: SLOAD
00000327: SWAP1
00000328: PUSH2 0x0100
0000032b: EXP
0000032c: SWAP1
0000032d: DIV
0000032e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000343: AND
00000344: DUP2
00000345: JUMP

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0x01367833bf0aa0991816428c37109d68b9549d7c904a1bdba0c49e8138678edd call_targets: 0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x01367833bf0aa0991816428c37109d68b9549d7c904a1bdba0c49e8138678edd", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x123119cd", "selector": "0x123119cd", "calldata_variants": [ "0x123119cd", "0x123119cd0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x37bdc99b", "selector": "0x37bdc99b", "calldata_variants": [ "0x37bdc99b", "0x37bdc99b0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x42966c68", "selector": "0x42966c68", "calldata_variants": [ "0x42966c68", "0x42966c680000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x66d003ac", "selector": "0x66d003ac", "calldata_variants": [ "0x66d003ac", "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x70d5ae05", "selector": "0x70d5ae05", "calldata_variants": [ "0x70d5ae05", "0x70d5ae050000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 563, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 751, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 2, "guards_detected": [ { "pc": 444, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" }, { "pc": 632, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" } ], "untrusted_call_count": 2 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0x01367833bf0aa0991816428c37109d68b9549d7c904a1bdba0c49e8138678edd call_targets: 0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x01367833bf0aa0991816428c37109d68b9549d7c904a1bdba0c49e8138678edd", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x123119cd", "selector": "0x123119cd", "calldata_variants": [ "0x123119cd", "0x123119cd0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x37bdc99b", "selector": "0x37bdc99b", "calldata_variants": [ "0x37bdc99b", "0x37bdc99b0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x42966c68", "selector": "0x42966c68", "calldata_variants": [ "0x42966c68", "0x42966c680000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x66d003ac", "selector": "0x66d003ac", "calldata_variants": [ "0x66d003ac", "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x70d5ae05", "selector": "0x70d5ae05", "calldata_variants": [ "0x70d5ae05", "0x70d5ae050000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 563, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 751, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 2, "guards_detected": [ { "pc": 444, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" }, { "pc": 632, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" } ] }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

medium

other

detector

Untrusted CALL target/value reachable

45

no

view

trace_id: 0x01367833bf0aa0991816428c37109d68b9549d7c904a1bdba0c49e8138678edd

call_targets: 0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x01367833bf0aa0991816428c37109d68b9549d7c904a1bdba0c49e8138678edd",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xb26d2f1f70de86b7f1523b01bbe0a9d3b64a93e9"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x123119cd",
            "selector": "0x123119cd",
            "calldata_variants": [
                "0x123119cd",
                "0x123119cd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x37bdc99b",
            "selector": "0x37bdc99b",
            "calldata_variants": [
                "0x37bdc99b",
                "0x37bdc99b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x42966c68",
            "selector": "0x42966c68",
            "calldata_variants": [
                "0x42966c68",
                "0x42966c680000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x66d003ac",
            "selector": "0x66d003ac",
            "calldata_variants": [
                "0x66d003ac",
                "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70d5ae05",
            "selector": "0x70d5ae05",
            "calldata_variants": [
                "0x70d5ae05",
                "0x70d5ae050000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 563,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 751,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [
        {
            "pc": 444,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 632,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 2
}