TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-5e9a-714f-848a-b3cce5a6bf0b

complete
Chain ID
1
Address
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
9511 artifact.fetch complete 1 / 3 4 months ago
9512 tool.cast_disasm complete 1 / 3 4 months ago
52592 analysis.bundle complete 1 / 3 2 weeks ago
52593 capability.graph complete 1 / 3 2 weeks ago
52594 detector.run complete 1 / 3 2 weeks ago
52595 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
3
EXT*/BALANCE
1
Total opcodes
294
Flags
No heuristic flags raised.
View cast disassembly output
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0048
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: DUP1
0000002f: PUSH4 0xaa8c217c
00000034: EQ
00000035: PUSH2 0x0051
00000038: JUMPI
00000039: DUP1
0000003a: PUSH4 0xeaaf5a17
0000003f: EQ
00000040: PUSH2 0x0078
00000043: JUMPI
00000044: PUSH2 0x0048
00000047: JUMP
00000048: JUMPDEST
00000049: PUSH2 0x004f
0000004c: JUMPDEST
0000004d: JUMPDEST
0000004e: JUMP
0000004f: JUMPDEST
00000050: STOP
00000051: JUMPDEST
00000052: PUSH2 0x005e
00000055: PUSH1 0x04
00000057: DUP1
00000058: POP
00000059: POP
0000005a: PUSH2 0x00e4
0000005d: JUMP
0000005e: JUMPDEST
0000005f: PUSH1 0x40
00000061: MLOAD
00000062: DUP1
00000063: DUP3
00000064: PUSH1 0x00
00000066: NOT
00000067: AND
00000068: DUP2
00000069: MSTORE
0000006a: PUSH1 0x20
0000006c: ADD
0000006d: SWAP2
0000006e: POP
0000006f: POP
00000070: PUSH1 0x40
00000072: MLOAD
00000073: DUP1
00000074: SWAP2
00000075: SUB
00000076: SWAP1
00000077: RETURN
00000078: JUMPDEST
00000079: PUSH2 0x00cc
0000007c: PUSH1 0x04
0000007e: DUP1
0000007f: DUP1
00000080: CALLDATALOAD
00000081: SWAP1
00000082: PUSH1 0x20
00000084: ADD
00000085: SWAP1
00000086: DUP3
00000087: ADD
00000088: DUP1
00000089: CALLDATALOAD
0000008a: SWAP1
0000008b: PUSH1 0x20
0000008d: ADD
0000008e: SWAP2
0000008f: SWAP2
00000090: SWAP1
00000091: DUP1
00000092: DUP1
00000093: PUSH1 0x1f
00000095: ADD
00000096: PUSH1 0x20
00000098: DUP1
00000099: SWAP2
0000009a: DIV
0000009b: MUL
0000009c: PUSH1 0x20
0000009e: ADD
0000009f: PUSH1 0x40
000000a1: MLOAD
000000a2: SWAP1
000000a3: DUP2
000000a4: ADD
000000a5: PUSH1 0x40
000000a7: MSTORE
000000a8: DUP1
000000a9: SWAP4
000000aa: SWAP3
000000ab: SWAP2
000000ac: SWAP1
000000ad: DUP2
000000ae: DUP2
000000af: MSTORE
000000b0: PUSH1 0x20
000000b2: ADD
000000b3: DUP4
000000b4: DUP4
000000b5: DUP1
000000b6: DUP3
000000b7: DUP5
000000b8: CALLDATACOPY
000000b9: DUP3
000000ba: ADD
000000bb: SWAP2
000000bc: POP
000000bd: POP
000000be: POP
000000bf: POP
000000c0: POP
000000c1: POP
000000c2: SWAP1
000000c3: SWAP1
000000c4: SWAP2
000000c5: SWAP1
000000c6: POP
000000c7: POP
000000c8: PUSH2 0x00ed
000000cb: JUMP
000000cc: JUMPDEST
000000cd: PUSH1 0x40
000000cf: MLOAD
000000d0: DUP1
000000d1: DUP3
000000d2: ISZERO
000000d3: ISZERO
000000d4: DUP2
000000d5: MSTORE
000000d6: PUSH1 0x20
000000d8: ADD
000000d9: SWAP2
000000da: POP
000000db: POP
000000dc: PUSH1 0x40
000000de: MLOAD
000000df: DUP1
000000e0: SWAP2
000000e1: SUB
000000e2: SWAP1
000000e3: RETURN
000000e4: JUMPDEST
000000e5: PUSH1 0x00
000000e7: PUSH1 0x00
000000e9: POP
000000ea: SLOAD
000000eb: DUP2
000000ec: JUMP
000000ed: JUMPDEST
000000ee: PUSH1 0x00
000000f0: PUSH1 0x00
000000f2: PUSH1 0x00
000000f4: PUSH1 0x00
000000f6: POP
000000f7: SLOAD
000000f8: PUSH1 0x00
000000fa: NOT
000000fb: AND
000000fc: PUSH1 0x02
000000fe: DUP5
000000ff: PUSH1 0x40
00000101: MLOAD
00000102: DUP1
00000103: DUP3
00000104: DUP1
00000105: MLOAD
00000106: SWAP1
00000107: PUSH1 0x20
00000109: ADD
0000010a: SWAP1
0000010b: DUP1
0000010c: DUP4
0000010d: DUP4
0000010e: DUP3
0000010f: SWAP1
00000110: PUSH1 0x00
00000112: PUSH1 0x04
00000114: PUSH1 0x20
00000116: DUP5
00000117: PUSH1 0x1f
00000119: ADD
0000011a: DIV
0000011b: PUSH1 0x03
0000011d: MUL
0000011e: PUSH1 0x0f
00000120: ADD
00000121: CALL
00000122: POP
00000123: SWAP1
00000124: POP
00000125: ADD
00000126: SWAP2
00000127: POP
00000128: POP
00000129: PUSH1 0x20
0000012b: PUSH1 0x40
0000012d: MLOAD
0000012e: DUP1
0000012f: DUP4
00000130: SUB
00000131: DUP2
00000132: PUSH1 0x00
00000134: DUP7
00000135: PUSH2 0x61da
00000138: GAS
00000139: SUB
0000013a: CALL
0000013b: ISZERO
0000013c: PUSH2 0x0002
0000013f: JUMPI
00000140: POP
00000141: POP
00000142: PUSH1 0x40
00000144: MLOAD
00000145: DUP1
00000146: MLOAD
00000147: SWAP1
00000148: PUSH1 0x20
0000014a: ADD
0000014b: POP
0000014c: PUSH1 0x00
0000014e: NOT
0000014f: AND
00000150: EQ
00000151: ISZERO
00000152: PUSH2 0x01b3
00000155: JUMPI
00000156: PUSH2 0x59d8
00000159: ADDRESS
0000015a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000016f: AND
00000170: BALANCE
00000171: SUB
00000172: SWAP1
00000173: POP
00000174: CALLER
00000175: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018a: AND
0000018b: PUSH1 0x00
0000018d: DUP3
0000018e: PUSH1 0x40
00000190: MLOAD
00000191: DUP1
00000192: SWAP1
00000193: POP
00000194: PUSH1 0x00
00000196: PUSH1 0x40
00000198: MLOAD
00000199: DUP1
0000019a: DUP4
0000019b: SUB
0000019c: DUP2
0000019d: DUP6
0000019e: DUP9
0000019f: DUP9
000001a0: CALL
000001a1: SWAP4
000001a2: POP
000001a3: POP
000001a4: POP
000001a5: POP
000001a6: POP
000001a7: PUSH1 0x01
000001a9: SWAP2
000001aa: POP
000001ab: PUSH2 0x01bd
000001ae: JUMP
000001af: PUSH2 0x01bc
000001b2: JUMP
000001b3: JUMPDEST
000001b4: PUSH1 0x00
000001b6: SWAP2
000001b7: POP
000001b8: PUSH2 0x01bd
000001bb: JUMP
000001bc: JUMPDEST
000001bd: JUMPDEST
000001be: POP
000001bf: SWAP2
000001c0: SWAP1
000001c1: POP
000001c2: JUMP
View stderr
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xd94067bace5cbbe7828342cddc95c9adf013e75bb2cb032803a85bc8cfc76a7a
call_targets: 0x569a64f1aa14df92537b74b755ae6d55deb73743
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xd94067bace5cbbe7828342cddc95c9adf013e75bb2cb032803a85bc8cfc76a7a",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x569a64f1aa14df92537b74b755ae6d55deb73743"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xaa8c217c",
            "selector": "0xaa8c217c",
            "calldata_variants": [
                "0xaa8c217c",
                "0xaa8c217c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xeaaf5a17",
            "selector": "0xeaaf5a17",
            "calldata_variants": [
                "0xeaaf5a17",
                "0xeaaf5a170000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 289,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "constant"
        },
        {
            "pc": 314,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 416,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [],
    "untrusted_call_count": 3
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xd94067bace5cbbe7828342cddc95c9adf013e75bb2cb032803a85bc8cfc76a7a
call_targets: 0x569a64f1aa14df92537b74b755ae6d55deb73743
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xd94067bace5cbbe7828342cddc95c9adf013e75bb2cb032803a85bc8cfc76a7a",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x569a64f1aa14df92537b74b755ae6d55deb73743"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xaa8c217c",
            "selector": "0xaa8c217c",
            "calldata_variants": [
                "0xaa8c217c",
                "0xaa8c217c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xeaaf5a17",
            "selector": "0xeaaf5a17",
            "calldata_variants": [
                "0xeaaf5a17",
                "0xeaaf5a170000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 289,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "constant"
        },
        {
            "pc": 314,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 416,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": []
}