TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-89bb-7297-9820-d5467b7f9360

complete
Chain ID
1
Address
0x899f9a0440face1397a1ee1e3f6bf3580a6633d1
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
11501 artifact.fetch complete 1 / 3 3 months ago
11502 tool.cast_disasm complete 1 / 3 3 months ago
54688 analysis.bundle complete 1 / 3 1 week ago
54689 capability.graph complete 1 / 3 1 week ago
54690 detector.run complete 1 / 3 1 week ago
54691 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
2
Total opcodes
408
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x005f
0000000a: JUMPI
0000000b: PUSH4 0xffffffff
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: PUSH1 0x00
00000030: CALLDATALOAD
00000031: DIV
00000032: AND
00000033: PUSH4 0x041ae880
00000038: DUP2
00000039: EQ
0000003a: PUSH2 0x0084
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0x3ba0b9a9
00000044: EQ
00000045: PUSH2 0x00b0
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0xa6e158f8
0000004f: EQ
00000050: PUSH2 0x00d2
00000053: JUMPI
00000054: DUP1
00000055: PUSH4 0xfc0c546a
0000005a: EQ
0000005b: PUSH2 0x00e7
0000005e: JUMPI
0000005f: JUMPDEST
00000060: PUSH2 0x0082
00000063: JUMPDEST
00000064: PUSH1 0x00
00000066: SLOAD
00000067: CALLER
00000068: PUSH1 0x01
0000006a: PUSH1 0xa0
0000006c: PUSH1 0x02
0000006e: EXP
0000006f: SUB
00000070: SWAP1
00000071: DUP2
00000072: AND
00000073: SWAP2
00000074: AND
00000075: EQ
00000076: PUSH2 0x007f
00000079: JUMPI
0000007a: PUSH1 0x00
0000007c: PUSH1 0x00
0000007e: REVERT
0000007f: JUMPDEST
00000080: JUMPDEST
00000081: JUMP
00000082: JUMPDEST
00000083: STOP
00000084: JUMPDEST
00000085: CALLVALUE
00000086: ISZERO
00000087: PUSH2 0x008c
0000008a: JUMPI
0000008b: INVALID
0000008c: JUMPDEST
0000008d: PUSH2 0x0094
00000090: PUSH2 0x0113
00000093: JUMP
00000094: JUMPDEST
00000095: PUSH1 0x40
00000097: DUP1
00000098: MLOAD
00000099: PUSH1 0x01
0000009b: PUSH1 0xa0
0000009d: PUSH1 0x02
0000009f: EXP
000000a0: SUB
000000a1: SWAP1
000000a2: SWAP3
000000a3: AND
000000a4: DUP3
000000a5: MSTORE
000000a6: MLOAD
000000a7: SWAP1
000000a8: DUP2
000000a9: SWAP1
000000aa: SUB
000000ab: PUSH1 0x20
000000ad: ADD
000000ae: SWAP1
000000af: RETURN
000000b0: JUMPDEST
000000b1: CALLVALUE
000000b2: ISZERO
000000b3: PUSH2 0x00b8
000000b6: JUMPI
000000b7: INVALID
000000b8: JUMPDEST
000000b9: PUSH2 0x00c0
000000bc: PUSH2 0x0122
000000bf: JUMP
000000c0: JUMPDEST
000000c1: PUSH1 0x40
000000c3: DUP1
000000c4: MLOAD
000000c5: SWAP2
000000c6: DUP3
000000c7: MSTORE
000000c8: MLOAD
000000c9: SWAP1
000000ca: DUP2
000000cb: SWAP1
000000cc: SUB
000000cd: PUSH1 0x20
000000cf: ADD
000000d0: SWAP1
000000d1: RETURN
000000d2: JUMPDEST
000000d3: CALLVALUE
000000d4: ISZERO
000000d5: PUSH2 0x00da
000000d8: JUMPI
000000d9: INVALID
000000da: JUMPDEST
000000db: PUSH2 0x0082
000000de: PUSH1 0x04
000000e0: CALLDATALOAD
000000e1: PUSH2 0x0128
000000e4: JUMP
000000e5: JUMPDEST
000000e6: STOP
000000e7: JUMPDEST
000000e8: CALLVALUE
000000e9: ISZERO
000000ea: PUSH2 0x00ef
000000ed: JUMPI
000000ee: INVALID
000000ef: JUMPDEST
000000f0: PUSH2 0x0094
000000f3: PUSH2 0x0254
000000f6: JUMP
000000f7: JUMPDEST
000000f8: PUSH1 0x40
000000fa: DUP1
000000fb: MLOAD
000000fc: PUSH1 0x01
000000fe: PUSH1 0xa0
00000100: PUSH1 0x02
00000102: EXP
00000103: SUB
00000104: SWAP1
00000105: SWAP3
00000106: AND
00000107: DUP3
00000108: MSTORE
00000109: MLOAD
0000010a: SWAP1
0000010b: DUP2
0000010c: SWAP1
0000010d: SUB
0000010e: PUSH1 0x20
00000110: ADD
00000111: SWAP1
00000112: RETURN
00000113: JUMPDEST
00000114: PUSH1 0x00
00000116: SLOAD
00000117: PUSH1 0x01
00000119: PUSH1 0xa0
0000011b: PUSH1 0x02
0000011d: EXP
0000011e: SUB
0000011f: AND
00000120: DUP2
00000121: JUMP
00000122: JUMPDEST
00000123: PUSH1 0x02
00000125: SLOAD
00000126: DUP2
00000127: JUMP
00000128: JUMPDEST
00000129: PUSH1 0x01
0000012b: SLOAD
0000012c: PUSH1 0x40
0000012e: DUP1
0000012f: MLOAD
00000130: PUSH1 0x00
00000132: PUSH1 0x20
00000134: SWAP2
00000135: DUP3
00000136: ADD
00000137: DUP2
00000138: SWAP1
00000139: MSTORE
0000013a: DUP3
0000013b: MLOAD
0000013c: PUSH32 0x23b872dd00000000000000000000000000000000000000000000000000000000
0000015d: DUP2
0000015e: MSTORE
0000015f: PUSH1 0x01
00000161: PUSH1 0xa0
00000163: PUSH1 0x02
00000165: EXP
00000166: SUB
00000167: CALLER
00000168: DUP2
00000169: AND
0000016a: PUSH1 0x04
0000016c: DUP4
0000016d: ADD
0000016e: MSTORE
0000016f: ADDRESS
00000170: DUP2
00000171: AND
00000172: PUSH1 0x24
00000174: DUP4
00000175: ADD
00000176: MSTORE
00000177: PUSH1 0x44
00000179: DUP3
0000017a: ADD
0000017b: DUP8
0000017c: SWAP1
0000017d: MSTORE
0000017e: SWAP4
0000017f: MLOAD
00000180: SWAP2
00000181: SWAP5
00000182: SWAP4
00000183: SWAP1
00000184: SWAP4
00000185: AND
00000186: SWAP3
00000187: PUSH4 0x23b872dd
0000018c: SWAP3
0000018d: PUSH1 0x64
0000018f: DUP1
00000190: DUP4
00000191: ADD
00000192: SWAP4
00000193: SWAP2
00000194: SWAP3
00000195: DUP3
00000196: SWAP1
00000197: SUB
00000198: ADD
00000199: DUP2
0000019a: DUP8
0000019b: DUP8
0000019c: DUP1
0000019d: EXTCODESIZE
0000019e: ISZERO
0000019f: ISZERO
000001a0: PUSH2 0x01a5
000001a3: JUMPI
000001a4: INVALID
000001a5: JUMPDEST
000001a6: PUSH2 0x02c6
000001a9: GAS
000001aa: SUB
000001ab: CALL
000001ac: ISZERO
000001ad: ISZERO
000001ae: PUSH2 0x01b3
000001b1: JUMPI
000001b2: INVALID
000001b3: JUMPDEST
000001b4: POP
000001b5: POP
000001b6: PUSH1 0x40
000001b8: MLOAD
000001b9: MLOAD
000001ba: ISZERO
000001bb: ISZERO
000001bc: SWAP1
000001bd: POP
000001be: PUSH2 0x01c7
000001c1: JUMPI
000001c2: PUSH1 0x00
000001c4: PUSH1 0x00
000001c6: REVERT
000001c7: JUMPDEST
000001c8: PUSH1 0x02
000001ca: SLOAD
000001cb: DUP3
000001cc: DUP2
000001cd: ISZERO
000001ce: ISZERO
000001cf: PUSH2 0x01d4
000001d2: JUMPI
000001d3: INVALID
000001d4: JUMPDEST
000001d5: PUSH1 0x40
000001d7: MLOAD
000001d8: SWAP2
000001d9: SWAP1
000001da: DIV
000001db: SWAP2
000001dc: POP
000001dd: PUSH1 0x01
000001df: PUSH1 0xa0
000001e1: PUSH1 0x02
000001e3: EXP
000001e4: SUB
000001e5: CALLER
000001e6: AND
000001e7: SWAP1
000001e8: DUP3
000001e9: ISZERO
000001ea: PUSH2 0x08fc
000001ed: MUL
000001ee: SWAP1
000001ef: DUP4
000001f0: SWAP1
000001f1: PUSH1 0x00
000001f3: DUP2
000001f4: DUP2
000001f5: DUP2
000001f6: DUP6
000001f7: DUP9
000001f8: DUP9
000001f9: CALL
000001fa: SWAP4
000001fb: POP
000001fc: POP
000001fd: POP
000001fe: POP
000001ff: ISZERO
00000200: ISZERO
00000201: PUSH2 0x0206
00000204: JUMPI
00000205: INVALID
00000206: JUMPDEST
00000207: PUSH1 0x40
00000209: DUP1
0000020a: MLOAD
0000020b: PUSH1 0x01
0000020d: PUSH1 0xa0
0000020f: PUSH1 0x02
00000211: EXP
00000212: SUB
00000213: CALLER
00000214: AND
00000215: DUP2
00000216: MSTORE
00000217: PUSH1 0x20
00000219: DUP2
0000021a: ADD
0000021b: DUP5
0000021c: SWAP1
0000021d: MSTORE
0000021e: DUP1
0000021f: DUP3
00000220: ADD
00000221: DUP4
00000222: SWAP1
00000223: MSTORE
00000224: SWAP1
00000225: MLOAD
00000226: PUSH32 0xeebddeddf4ae1ee54a48517af27958e7666d69c7ba2e3e7c2b0ff87ef5f4491e
00000247: SWAP2
00000248: DUP2
00000249: SWAP1
0000024a: SUB
0000024b: PUSH1 0x60
0000024d: ADD
0000024e: SWAP1
0000024f: LOG1
00000250: JUMPDEST
00000251: POP
00000252: POP
00000253: JUMP
00000254: JUMPDEST
00000255: PUSH1 0x01
00000257: SLOAD
00000258: PUSH1 0x01
0000025a: PUSH1 0xa0
0000025c: PUSH1 0x02
0000025e: EXP
0000025f: SUB
00000260: AND
00000261: DUP2
00000262: JUMP
00000263: STOP
00000264: LOG1
00000265: PUSH6 0x627a7a723058
0000026c: KECCAK256
0000026d: JUMPDEST
0000026e: UNKNOWN(0xE1)
0000026f: PUSH1 0xf2
00000271: UNKNOWN(0xE2)
00000272: CHAINID
00000273: SELFBALANCE
00000274: UNKNOWN(0xE6)
00000275: OR
00000276: UNKNOWN(0xEA)
00000277: DUP2
00000278: UNKNOWN(0xDB)
00000279: EXP
0000027a: UNKNOWN(0xCD)
0000027b: UNKNOWN(0x29)
0000027c: UNKNOWN(0xBF)
0000027d: EXTCODECOPY
0000027e: UNKNOWN(0x29)
0000027f: UNKNOWN(0x4B)
00000280: PUSH20
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xe16cc2f2c9d22c3b617691ff0d2120e73606c945ba623737e96cae61f94acfca
call_targets: 0x899f9a0440face1397a1ee1e3f6bf3580a6633d1
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xe16cc2f2c9d22c3b617691ff0d2120e73606c945ba623737e96cae61f94acfca",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x899f9a0440face1397a1ee1e3f6bf3580a6633d1"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x041ae880",
            "selector": "0x041ae880",
            "calldata_variants": [
                "0x041ae880",
                "0x041ae8800000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ba0b9a9",
            "selector": "0x3ba0b9a9",
            "calldata_variants": [
                "0x3ba0b9a9",
                "0x3ba0b9a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6e158f8",
            "selector": "0xa6e158f8",
            "calldata_variants": [
                "0xa6e158f8",
                "0xa6e158f80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfc0c546a",
            "selector": "0xfc0c546a",
            "calldata_variants": [
                "0xfc0c546a",
                "0xfc0c546a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 427,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 505,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xe16cc2f2c9d22c3b617691ff0d2120e73606c945ba623737e96cae61f94acfca
call_targets: 0x899f9a0440face1397a1ee1e3f6bf3580a6633d1
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xe16cc2f2c9d22c3b617691ff0d2120e73606c945ba623737e96cae61f94acfca",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x899f9a0440face1397a1ee1e3f6bf3580a6633d1"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x041ae880",
            "selector": "0x041ae880",
            "calldata_variants": [
                "0x041ae880",
                "0x041ae8800000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ba0b9a9",
            "selector": "0x3ba0b9a9",
            "calldata_variants": [
                "0x3ba0b9a9",
                "0x3ba0b9a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6e158f8",
            "selector": "0xa6e158f8",
            "calldata_variants": [
                "0xa6e158f8",
                "0xa6e158f80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfc0c546a",
            "selector": "0xfc0c546a",
            "calldata_variants": [
                "0xfc0c546a",
                "0xfc0c546a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 427,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 505,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}