TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-5e9d-7363-8bf2-0ed4fd3a6113

complete
Chain ID
1
Address
0x5f5d7147adb6ed31a2ca03ce3defb070a3be0ebb
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
9513 artifact.fetch complete 1 / 3 4 months ago
9514 tool.cast_disasm complete 1 / 3 4 months ago
52568 analysis.bundle complete 1 / 3 2 weeks ago
52569 capability.graph complete 1 / 3 2 weeks ago
52570 detector.run complete 1 / 3 2 weeks ago
52571 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
3
EXT*/BALANCE
1
Total opcodes
424
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x54107401
0000002e: EQ
0000002f: PUSH2 0x0047
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0xc8796572
00000039: EQ
0000003a: PUSH2 0x00e4
0000003d: JUMPI
0000003e: PUSH2 0x0042
00000041: JUMP
00000042: JUMPDEST
00000043: PUSH2 0x0002
00000046: JUMP
00000047: JUMPDEST
00000048: PUSH2 0x00e2
0000004b: PUSH1 0x04
0000004d: DUP1
0000004e: DUP1
0000004f: CALLDATALOAD
00000050: SWAP1
00000051: PUSH1 0x20
00000053: ADD
00000054: SWAP1
00000055: DUP3
00000056: ADD
00000057: DUP1
00000058: CALLDATALOAD
00000059: SWAP1
0000005a: PUSH1 0x20
0000005c: ADD
0000005d: SWAP2
0000005e: SWAP2
0000005f: SWAP1
00000060: DUP1
00000061: DUP1
00000062: PUSH1 0x1f
00000064: ADD
00000065: PUSH1 0x20
00000067: DUP1
00000068: SWAP2
00000069: DIV
0000006a: MUL
0000006b: PUSH1 0x20
0000006d: ADD
0000006e: PUSH1 0x40
00000070: MLOAD
00000071: SWAP1
00000072: DUP2
00000073: ADD
00000074: PUSH1 0x40
00000076: MSTORE
00000077: DUP1
00000078: SWAP4
00000079: SWAP3
0000007a: SWAP2
0000007b: SWAP1
0000007c: DUP2
0000007d: DUP2
0000007e: MSTORE
0000007f: PUSH1 0x20
00000081: ADD
00000082: DUP4
00000083: DUP4
00000084: DUP1
00000085: DUP3
00000086: DUP5
00000087: CALLDATACOPY
00000088: DUP3
00000089: ADD
0000008a: SWAP2
0000008b: POP
0000008c: POP
0000008d: POP
0000008e: POP
0000008f: POP
00000090: POP
00000091: SWAP1
00000092: SWAP1
00000093: SWAP2
00000094: SWAP1
00000095: DUP1
00000096: CALLDATALOAD
00000097: SWAP1
00000098: PUSH1 0x20
0000009a: ADD
0000009b: SWAP1
0000009c: DUP3
0000009d: ADD
0000009e: DUP1
0000009f: CALLDATALOAD
000000a0: SWAP1
000000a1: PUSH1 0x20
000000a3: ADD
000000a4: SWAP2
000000a5: SWAP2
000000a6: SWAP1
000000a7: DUP1
000000a8: DUP1
000000a9: PUSH1 0x1f
000000ab: ADD
000000ac: PUSH1 0x20
000000ae: DUP1
000000af: SWAP2
000000b0: DIV
000000b1: MUL
000000b2: PUSH1 0x20
000000b4: ADD
000000b5: PUSH1 0x40
000000b7: MLOAD
000000b8: SWAP1
000000b9: DUP2
000000ba: ADD
000000bb: PUSH1 0x40
000000bd: MSTORE
000000be: DUP1
000000bf: SWAP4
000000c0: SWAP3
000000c1: SWAP2
000000c2: SWAP1
000000c3: DUP2
000000c4: DUP2
000000c5: MSTORE
000000c6: PUSH1 0x20
000000c8: ADD
000000c9: DUP4
000000ca: DUP4
000000cb: DUP1
000000cc: DUP3
000000cd: DUP5
000000ce: CALLDATACOPY
000000cf: DUP3
000000d0: ADD
000000d1: SWAP2
000000d2: POP
000000d3: POP
000000d4: POP
000000d5: POP
000000d6: POP
000000d7: POP
000000d8: SWAP1
000000d9: SWAP1
000000da: SWAP2
000000db: SWAP1
000000dc: POP
000000dd: POP
000000de: PUSH2 0x00f8
000000e1: JUMP
000000e2: JUMPDEST
000000e3: STOP
000000e4: JUMPDEST
000000e5: CALLVALUE
000000e6: PUSH2 0x0002
000000e9: JUMPI
000000ea: PUSH2 0x00f6
000000ed: PUSH1 0x04
000000ef: DUP1
000000f0: POP
000000f1: POP
000000f2: PUSH2 0x0207
000000f5: JUMP
000000f6: JUMPDEST
000000f7: STOP
000000f8: JUMPDEST
000000f9: PUSH8 0x016345785d8a0000
00000102: CALLVALUE
00000103: LT
00000104: ISZERO
00000105: ISZERO
00000106: PUSH2 0x01fd
00000109: JUMPI
0000010a: PUSH32 0x12059f6840f3930429bae3dbd64c327a81e8391bcef138f4e10cfab4d81ee3c9
0000012b: DUP3
0000012c: DUP3
0000012d: PUSH1 0x40
0000012f: MLOAD
00000130: DUP1
00000131: DUP1
00000132: PUSH1 0x20
00000134: ADD
00000135: DUP1
00000136: PUSH1 0x20
00000138: ADD
00000139: DUP4
0000013a: DUP2
0000013b: SUB
0000013c: DUP4
0000013d: MSTORE
0000013e: DUP6
0000013f: DUP2
00000140: DUP2
00000141: MLOAD
00000142: DUP2
00000143: MSTORE
00000144: PUSH1 0x20
00000146: ADD
00000147: SWAP2
00000148: POP
00000149: DUP1
0000014a: MLOAD
0000014b: SWAP1
0000014c: PUSH1 0x20
0000014e: ADD
0000014f: SWAP1
00000150: DUP1
00000151: DUP4
00000152: DUP4
00000153: DUP3
00000154: SWAP1
00000155: PUSH1 0x00
00000157: PUSH1 0x04
00000159: PUSH1 0x20
0000015b: DUP5
0000015c: PUSH1 0x1f
0000015e: ADD
0000015f: DIV
00000160: PUSH1 0x03
00000162: MUL
00000163: PUSH1 0x0f
00000165: ADD
00000166: CALL
00000167: POP
00000168: SWAP1
00000169: POP
0000016a: SWAP1
0000016b: DUP2
0000016c: ADD
0000016d: SWAP1
0000016e: PUSH1 0x1f
00000170: AND
00000171: DUP1
00000172: ISZERO
00000173: PUSH2 0x0190
00000176: JUMPI
00000177: DUP1
00000178: DUP3
00000179: SUB
0000017a: DUP1
0000017b: MLOAD
0000017c: PUSH1 0x01
0000017e: DUP4
0000017f: PUSH1 0x20
00000181: SUB
00000182: PUSH2 0x0100
00000185: EXP
00000186: SUB
00000187: NOT
00000188: AND
00000189: DUP2
0000018a: MSTORE
0000018b: PUSH1 0x20
0000018d: ADD
0000018e: SWAP2
0000018f: POP
00000190: JUMPDEST
00000191: POP
00000192: DUP4
00000193: DUP2
00000194: SUB
00000195: DUP3
00000196: MSTORE
00000197: DUP5
00000198: DUP2
00000199: DUP2
0000019a: MLOAD
0000019b: DUP2
0000019c: MSTORE
0000019d: PUSH1 0x20
0000019f: ADD
000001a0: SWAP2
000001a1: POP
000001a2: DUP1
000001a3: MLOAD
000001a4: SWAP1
000001a5: PUSH1 0x20
000001a7: ADD
000001a8: SWAP1
000001a9: DUP1
000001aa: DUP4
000001ab: DUP4
000001ac: DUP3
000001ad: SWAP1
000001ae: PUSH1 0x00
000001b0: PUSH1 0x04
000001b2: PUSH1 0x20
000001b4: DUP5
000001b5: PUSH1 0x1f
000001b7: ADD
000001b8: DIV
000001b9: PUSH1 0x03
000001bb: MUL
000001bc: PUSH1 0x0f
000001be: ADD
000001bf: CALL
000001c0: POP
000001c1: SWAP1
000001c2: POP
000001c3: SWAP1
000001c4: DUP2
000001c5: ADD
000001c6: SWAP1
000001c7: PUSH1 0x1f
000001c9: AND
000001ca: DUP1
000001cb: ISZERO
000001cc: PUSH2 0x01e9
000001cf: JUMPI
000001d0: DUP1
000001d1: DUP3
000001d2: SUB
000001d3: DUP1
000001d4: MLOAD
000001d5: PUSH1 0x01
000001d7: DUP4
000001d8: PUSH1 0x20
000001da: SUB
000001db: PUSH2 0x0100
000001de: EXP
000001df: SUB
000001e0: NOT
000001e1: AND
000001e2: DUP2
000001e3: MSTORE
000001e4: PUSH1 0x20
000001e6: ADD
000001e7: SWAP2
000001e8: POP
000001e9: JUMPDEST
000001ea: POP
000001eb: SWAP5
000001ec: POP
000001ed: POP
000001ee: POP
000001ef: POP
000001f0: POP
000001f1: PUSH1 0x40
000001f3: MLOAD
000001f4: DUP1
000001f5: SWAP2
000001f6: SUB
000001f7: SWAP1
000001f8: LOG1
000001f9: PUSH2 0x0202
000001fc: JUMP
000001fd: JUMPDEST
000001fe: PUSH2 0x0002
00000201: JUMP
00000202: JUMPDEST
00000203: JUMPDEST
00000204: POP
00000205: POP
00000206: JUMP
00000207: JUMPDEST
00000208: PUSH1 0x00
0000020a: PUSH1 0x00
0000020c: SWAP1
0000020d: SLOAD
0000020e: SWAP1
0000020f: PUSH2 0x0100
00000212: EXP
00000213: SWAP1
00000214: DIV
00000215: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000022a: AND
0000022b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000240: AND
00000241: CALLER
00000242: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000257: AND
00000258: EQ
00000259: ISZERO
0000025a: ISZERO
0000025b: PUSH2 0x0263
0000025e: JUMPI
0000025f: PUSH2 0x0002
00000262: JUMP
00000263: JUMPDEST
00000264: CALLER
00000265: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000027a: AND
0000027b: PUSH2 0x08fc
0000027e: ADDRESS
0000027f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000294: AND
00000295: BALANCE
00000296: SWAP1
00000297: DUP2
00000298: ISZERO
00000299: MUL
0000029a: SWAP1
0000029b: PUSH1 0x40
0000029d: MLOAD
0000029e: DUP1
0000029f: SWAP1
000002a0: POP
000002a1: PUSH1 0x00
000002a3: PUSH1 0x40
000002a5: MLOAD
000002a6: DUP1
000002a7: DUP4
000002a8: SUB
000002a9: DUP2
000002aa: DUP6
000002ab: DUP9
000002ac: DUP9
000002ad: CALL
000002ae: SWAP4
000002af: POP
000002b0: POP
000002b1: POP
000002b2: POP
000002b3: POP
000002b4: JUMPDEST
000002b5: JUMPDEST
000002b6: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x1dc4e8a188fed7ce9b0c57c0718fec7481bacbca6864711331deb11c74bf69c9
call_targets: 0x5f5d7147adb6ed31a2ca03ce3defb070a3be0ebb
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x1dc4e8a188fed7ce9b0c57c0718fec7481bacbca6864711331deb11c74bf69c9",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x5f5d7147adb6ed31a2ca03ce3defb070a3be0ebb"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x54107401",
            "selector": "0x54107401",
            "calldata_variants": [
                "0x54107401",
                "0x541074010000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc8796572",
            "selector": "0xc8796572",
            "calldata_variants": [
                "0xc8796572",
                "0xc87965720000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 358,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 447,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 685,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [
        {
            "pc": 577,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 3
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x1dc4e8a188fed7ce9b0c57c0718fec7481bacbca6864711331deb11c74bf69c9
call_targets: 0x5f5d7147adb6ed31a2ca03ce3defb070a3be0ebb
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x1dc4e8a188fed7ce9b0c57c0718fec7481bacbca6864711331deb11c74bf69c9",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x5f5d7147adb6ed31a2ca03ce3defb070a3be0ebb"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x54107401",
            "selector": "0x54107401",
            "calldata_variants": [
                "0x54107401",
                "0x541074010000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc8796572",
            "selector": "0xc8796572",
            "calldata_variants": [
                "0xc8796572",
                "0xc87965720000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 358,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 447,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 685,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": [
        {
            "pc": 577,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}