TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-89df-7272-ad48-903e9466e9fb

complete
Chain ID
1
Address
0x5f3ce3907e7e4c5b5b8d04dd3211ca8b81a64733
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
11527 artifact.fetch complete 1 / 3 3 months ago
11528 tool.cast_disasm complete 1 / 3 3 months ago
54636 analysis.bundle complete 1 / 3 1 week ago
54637 capability.graph complete 1 / 3 1 week ago
54638 detector.run complete 1 / 3 1 week ago
54639 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
3
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
598
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0072
0000000a: JUMPI
0000000b: PUSH4 0xffffffff
00000010: PUSH1 0xe0
00000012: PUSH1 0x02
00000014: EXP
00000015: PUSH1 0x00
00000017: CALLDATALOAD
00000018: DIV
00000019: AND
0000001a: PUSH4 0x2f54bf6e
0000001f: DUP2
00000020: EQ
00000021: PUSH2 0x012d
00000024: JUMPI
00000025: DUP1
00000026: PUSH4 0x4123cb6b
0000002b: EQ
0000002c: PUSH2 0x015d
0000002f: JUMPI
00000030: DUP1
00000031: PUSH4 0x52375093
00000036: EQ
00000037: PUSH2 0x017f
0000003a: JUMPI
0000003b: DUP1
0000003c: PUSH4 0x659010e7
00000041: EQ
00000042: PUSH2 0x01a1
00000045: JUMPI
00000046: DUP1
00000047: PUSH4 0x746c9171
0000004c: EQ
0000004d: PUSH2 0x01c3
00000050: JUMPI
00000051: DUP1
00000052: PUSH4 0xc2cf7326
00000057: EQ
00000058: PUSH2 0x01e5
0000005b: JUMPI
0000005c: DUP1
0000005d: PUSH4 0xc41a360a
00000062: EQ
00000063: PUSH2 0x0218
00000066: JUMPI
00000067: DUP1
00000068: PUSH4 0xf1736d86
0000006d: EQ
0000006e: PUSH2 0x0247
00000071: JUMPI
00000072: JUMPDEST
00000073: PUSH2 0x012b
00000076: JUMPDEST
00000077: PUSH1 0x00
00000079: CALLVALUE
0000007a: GT
0000007b: ISZERO
0000007c: PUSH2 0x00c7
0000007f: JUMPI
00000080: PUSH1 0x40
00000082: DUP1
00000083: MLOAD
00000084: PUSH1 0x01
00000086: PUSH1 0xa0
00000088: PUSH1 0x02
0000008a: EXP
0000008b: SUB
0000008c: CALLER
0000008d: AND
0000008e: DUP2
0000008f: MSTORE
00000090: CALLVALUE
00000091: PUSH1 0x20
00000093: DUP3
00000094: ADD
00000095: MSTORE
00000096: DUP2
00000097: MLOAD
00000098: PUSH32 0xe1fffcc4923d04b559f4d29a8bfc6cda04eb5b0d3c460751c2402c5c5cc9109c
000000b9: SWAP3
000000ba: SWAP2
000000bb: DUP2
000000bc: SWAP1
000000bd: SUB
000000be: SWAP1
000000bf: SWAP2
000000c0: ADD
000000c1: SWAP1
000000c2: LOG1
000000c3: PUSH2 0x0127
000000c6: JUMP
000000c7: JUMPDEST
000000c8: PUSH1 0x00
000000ca: CALLDATASIZE
000000cb: GT
000000cc: ISZERO
000000cd: PUSH2 0x0127
000000d0: JUMPI
000000d1: PUSH20 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4
000000e6: PUSH1 0x01
000000e8: PUSH1 0xa0
000000ea: PUSH1 0x02
000000ec: EXP
000000ed: SUB
000000ee: AND
000000ef: PUSH1 0x00
000000f1: CALLDATASIZE
000000f2: PUSH1 0x00
000000f4: PUSH1 0x40
000000f6: MLOAD
000000f7: PUSH1 0x20
000000f9: ADD
000000fa: MSTORE
000000fb: PUSH1 0x40
000000fd: MLOAD
000000fe: DUP1
000000ff: DUP4
00000100: DUP4
00000101: DUP1
00000102: DUP3
00000103: DUP5
00000104: CALLDATACOPY
00000105: DUP3
00000106: ADD
00000107: SWAP2
00000108: POP
00000109: POP
0000010a: SWAP3
0000010b: POP
0000010c: POP
0000010d: POP
0000010e: PUSH1 0x20
00000110: PUSH1 0x40
00000112: MLOAD
00000113: DUP1
00000114: DUP4
00000115: SUB
00000116: DUP2
00000117: DUP6
00000118: PUSH1 0x32
0000011a: GAS
0000011b: SUB
0000011c: DELEGATECALL
0000011d: ISZERO
0000011e: ISZERO
0000011f: PUSH2 0x0124
00000122: JUMPI
00000123: INVALID
00000124: JUMPDEST
00000125: POP
00000126: POP
00000127: JUMPDEST
00000128: JUMPDEST
00000129: JUMPDEST
0000012a: JUMP
0000012b: JUMPDEST
0000012c: STOP
0000012d: JUMPDEST
0000012e: CALLVALUE
0000012f: ISZERO
00000130: PUSH2 0x0135
00000133: JUMPI
00000134: INVALID
00000135: JUMPDEST
00000136: PUSH2 0x0149
00000139: PUSH1 0x01
0000013b: PUSH1 0xa0
0000013d: PUSH1 0x02
0000013f: EXP
00000140: SUB
00000141: PUSH1 0x04
00000143: CALLDATALOAD
00000144: AND
00000145: PUSH2 0x0269
00000148: JUMP
00000149: JUMPDEST
0000014a: PUSH1 0x40
0000014c: DUP1
0000014d: MLOAD
0000014e: SWAP2
0000014f: ISZERO
00000150: ISZERO
00000151: DUP3
00000152: MSTORE
00000153: MLOAD
00000154: SWAP1
00000155: DUP2
00000156: SWAP1
00000157: SUB
00000158: PUSH1 0x20
0000015a: ADD
0000015b: SWAP1
0000015c: RETURN
0000015d: JUMPDEST
0000015e: CALLVALUE
0000015f: ISZERO
00000160: PUSH2 0x0165
00000163: JUMPI
00000164: INVALID
00000165: JUMPDEST
00000166: PUSH2 0x016d
00000169: PUSH2 0x02cd
0000016c: JUMP
0000016d: JUMPDEST
0000016e: PUSH1 0x40
00000170: DUP1
00000171: MLOAD
00000172: SWAP2
00000173: DUP3
00000174: MSTORE
00000175: MLOAD
00000176: SWAP1
00000177: DUP2
00000178: SWAP1
00000179: SUB
0000017a: PUSH1 0x20
0000017c: ADD
0000017d: SWAP1
0000017e: RETURN
0000017f: JUMPDEST
00000180: CALLVALUE
00000181: ISZERO
00000182: PUSH2 0x0187
00000185: JUMPI
00000186: INVALID
00000187: JUMPDEST
00000188: PUSH2 0x016d
0000018b: PUSH2 0x02d3
0000018e: JUMP
0000018f: JUMPDEST
00000190: PUSH1 0x40
00000192: DUP1
00000193: MLOAD
00000194: SWAP2
00000195: DUP3
00000196: MSTORE
00000197: MLOAD
00000198: SWAP1
00000199: DUP2
0000019a: SWAP1
0000019b: SUB
0000019c: PUSH1 0x20
0000019e: ADD
0000019f: SWAP1
000001a0: RETURN
000001a1: JUMPDEST
000001a2: CALLVALUE
000001a3: ISZERO
000001a4: PUSH2 0x01a9
000001a7: JUMPI
000001a8: INVALID
000001a9: JUMPDEST
000001aa: PUSH2 0x016d
000001ad: PUSH2 0x02d9
000001b0: JUMP
000001b1: JUMPDEST
000001b2: PUSH1 0x40
000001b4: DUP1
000001b5: MLOAD
000001b6: SWAP2
000001b7: DUP3
000001b8: MSTORE
000001b9: MLOAD
000001ba: SWAP1
000001bb: DUP2
000001bc: SWAP1
000001bd: SUB
000001be: PUSH1 0x20
000001c0: ADD
000001c1: SWAP1
000001c2: RETURN
000001c3: JUMPDEST
000001c4: CALLVALUE
000001c5: ISZERO
000001c6: PUSH2 0x01cb
000001c9: JUMPI
000001ca: INVALID
000001cb: JUMPDEST
000001cc: PUSH2 0x016d
000001cf: PUSH2 0x02df
000001d2: JUMP
000001d3: JUMPDEST
000001d4: PUSH1 0x40
000001d6: DUP1
000001d7: MLOAD
000001d8: SWAP2
000001d9: DUP3
000001da: MSTORE
000001db: MLOAD
000001dc: SWAP1
000001dd: DUP2
000001de: SWAP1
000001df: SUB
000001e0: PUSH1 0x20
000001e2: ADD
000001e3: SWAP1
000001e4: RETURN
000001e5: JUMPDEST
000001e6: CALLVALUE
000001e7: ISZERO
000001e8: PUSH2 0x01ed
000001eb: JUMPI
000001ec: INVALID
000001ed: JUMPDEST
000001ee: PUSH2 0x0149
000001f1: PUSH1 0x04
000001f3: CALLDATALOAD
000001f4: PUSH1 0x01
000001f6: PUSH1 0xa0
000001f8: PUSH1 0x02
000001fa: EXP
000001fb: SUB
000001fc: PUSH1 0x24
000001fe: CALLDATALOAD
000001ff: AND
00000200: PUSH2 0x02e5
00000203: JUMP
00000204: JUMPDEST
00000205: PUSH1 0x40
00000207: DUP1
00000208: MLOAD
00000209: SWAP2
0000020a: ISZERO
0000020b: ISZERO
0000020c: DUP3
0000020d: MSTORE
0000020e: MLOAD
0000020f: SWAP1
00000210: DUP2
00000211: SWAP1
00000212: SUB
00000213: PUSH1 0x20
00000215: ADD
00000216: SWAP1
00000217: RETURN
00000218: JUMPDEST
00000219: CALLVALUE
0000021a: ISZERO
0000021b: PUSH2 0x0220
0000021e: JUMPI
0000021f: INVALID
00000220: JUMPDEST
00000221: PUSH2 0x022b
00000224: PUSH1 0x04
00000226: CALLDATALOAD
00000227: PUSH2 0x034a
0000022a: JUMP
0000022b: JUMPDEST
0000022c: PUSH1 0x40
0000022e: DUP1
0000022f: MLOAD
00000230: PUSH1 0x01
00000232: PUSH1 0xa0
00000234: PUSH1 0x02
00000236: EXP
00000237: SUB
00000238: SWAP1
00000239: SWAP3
0000023a: AND
0000023b: DUP3
0000023c: MSTORE
0000023d: MLOAD
0000023e: SWAP1
0000023f: DUP2
00000240: SWAP1
00000241: SUB
00000242: PUSH1 0x20
00000244: ADD
00000245: SWAP1
00000246: RETURN
00000247: JUMPDEST
00000248: CALLVALUE
00000249: ISZERO
0000024a: PUSH2 0x024f
0000024d: JUMPI
0000024e: INVALID
0000024f: JUMPDEST
00000250: PUSH2 0x016d
00000253: PUSH2 0x036b
00000256: JUMP
00000257: JUMPDEST
00000258: PUSH1 0x40
0000025a: DUP1
0000025b: MLOAD
0000025c: SWAP2
0000025d: DUP3
0000025e: MSTORE
0000025f: MLOAD
00000260: SWAP1
00000261: DUP2
00000262: SWAP1
00000263: SUB
00000264: PUSH1 0x20
00000266: ADD
00000267: SWAP1
00000268: RETURN
00000269: JUMPDEST
0000026a: PUSH1 0x00
0000026c: PUSH20 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4
00000281: PUSH1 0x01
00000283: PUSH1 0xa0
00000285: PUSH1 0x02
00000287: EXP
00000288: SUB
00000289: AND
0000028a: PUSH1 0x00
0000028c: CALLDATASIZE
0000028d: PUSH1 0x00
0000028f: PUSH1 0x40
00000291: MLOAD
00000292: PUSH1 0x20
00000294: ADD
00000295: MSTORE
00000296: PUSH1 0x40
00000298: MLOAD
00000299: DUP1
0000029a: DUP4
0000029b: DUP4
0000029c: DUP1
0000029d: DUP3
0000029e: DUP5
0000029f: CALLDATACOPY
000002a0: DUP3
000002a1: ADD
000002a2: SWAP2
000002a3: POP
000002a4: POP
000002a5: SWAP3
000002a6: POP
000002a7: POP
000002a8: POP
000002a9: PUSH1 0x20
000002ab: PUSH1 0x40
000002ad: MLOAD
000002ae: DUP1
000002af: DUP4
000002b0: SUB
000002b1: DUP2
000002b2: DUP6
000002b3: PUSH1 0x32
000002b5: GAS
000002b6: SUB
000002b7: DELEGATECALL
000002b8: ISZERO
000002b9: ISZERO
000002ba: PUSH2 0x02bf
000002bd: JUMPI
000002be: INVALID
000002bf: JUMPDEST
000002c0: POP
000002c1: POP
000002c2: PUSH1 0x40
000002c4: MLOAD
000002c5: MLOAD
000002c6: SWAP1
000002c7: POP
000002c8: JUMPDEST
000002c9: SWAP2
000002ca: SWAP1
000002cb: POP
000002cc: JUMP
000002cd: JUMPDEST
000002ce: PUSH1 0x01
000002d0: SLOAD
000002d1: DUP2
000002d2: JUMP
000002d3: JUMPDEST
000002d4: PUSH1 0x04
000002d6: SLOAD
000002d7: DUP2
000002d8: JUMP
000002d9: JUMPDEST
000002da: PUSH1 0x03
000002dc: SLOAD
000002dd: DUP2
000002de: JUMP
000002df: JUMPDEST
000002e0: PUSH1 0x00
000002e2: SLOAD
000002e3: DUP2
000002e4: JUMP
000002e5: JUMPDEST
000002e6: PUSH1 0x00
000002e8: PUSH20 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4
000002fd: PUSH1 0x01
000002ff: PUSH1 0xa0
00000301: PUSH1 0x02
00000303: EXP
00000304: SUB
00000305: AND
00000306: PUSH1 0x00
00000308: CALLDATASIZE
00000309: PUSH1 0x00
0000030b: PUSH1 0x40
0000030d: MLOAD
0000030e: PUSH1 0x20
00000310: ADD
00000311: MSTORE
00000312: PUSH1 0x40
00000314: MLOAD
00000315: DUP1
00000316: DUP4
00000317: DUP4
00000318: DUP1
00000319: DUP3
0000031a: DUP5
0000031b: CALLDATACOPY
0000031c: DUP3
0000031d: ADD
0000031e: SWAP2
0000031f: POP
00000320: POP
00000321: SWAP3
00000322: POP
00000323: POP
00000324: POP
00000325: PUSH1 0x20
00000327: PUSH1 0x40
00000329: MLOAD
0000032a: DUP1
0000032b: DUP4
0000032c: SUB
0000032d: DUP2
0000032e: DUP6
0000032f: PUSH1 0x32
00000331: GAS
00000332: SUB
00000333: DELEGATECALL
00000334: ISZERO
00000335: ISZERO
00000336: PUSH2 0x033b
00000339: JUMPI
0000033a: INVALID
0000033b: JUMPDEST
0000033c: POP
0000033d: POP
0000033e: PUSH1 0x40
00000340: MLOAD
00000341: MLOAD
00000342: SWAP1
00000343: POP
00000344: JUMPDEST
00000345: SWAP3
00000346: SWAP2
00000347: POP
00000348: POP
00000349: JUMP
0000034a: JUMPDEST
0000034b: PUSH1 0x00
0000034d: PUSH1 0x05
0000034f: PUSH1 0x01
00000351: DUP4
00000352: ADD
00000353: PUSH2 0x0100
00000356: DUP2
00000357: LT
00000358: PUSH2 0x035d
0000035b: JUMPI
0000035c: INVALID
0000035d: JUMPDEST
0000035e: ADD
0000035f: PUSH1 0x00
00000361: JUMPDEST
00000362: POP
00000363: SLOAD
00000364: SWAP1
00000365: POP
00000366: JUMPDEST
00000367: SWAP2
00000368: SWAP1
00000369: POP
0000036a: JUMP
0000036b: JUMPDEST
0000036c: PUSH1 0x02
0000036e: SLOAD
0000036f: DUP2
00000370: JUMP
00000371: STOP
00000372: LOG1
00000373: PUSH6 0x627a7a723058
0000037a: KECCAK256
0000037b: UNKNOWN(0xC2)
0000037c: EXP
0000037d: DUP5
0000037e: PUSH22 0xc42598c198f6629bada37e1b234da85ac2c0cbac3d96
00000395: ADDMOD
00000396: SWAP1
00000397: ADDRESS
00000398: UNKNOWN(0xB1)
00000399: DUP1
0000039a: BLOCKHASH
0000039b: STOP
0000039c: UNKNOWN(0x29)
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x516a3bae5630059dd8bee7aa2a559ed5ff34a3daa0a69a2905db270afe9e3925
call_targets: 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x516a3bae5630059dd8bee7aa2a559ed5ff34a3daa0a69a2905db270afe9e3925",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2f54bf6e",
            "selector": "0x2f54bf6e",
            "calldata_variants": [
                "0x2f54bf6e",
                "0x2f54bf6e0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4123cb6b",
            "selector": "0x4123cb6b",
            "calldata_variants": [
                "0x4123cb6b",
                "0x4123cb6b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x52375093",
            "selector": "0x52375093",
            "calldata_variants": [
                "0x52375093",
                "0x523750930000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x659010e7",
            "selector": "0x659010e7",
            "calldata_variants": [
                "0x659010e7",
                "0x659010e70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x746c9171",
            "selector": "0x746c9171",
            "calldata_variants": [
                "0x746c9171",
                "0x746c91710000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc2cf7326",
            "selector": "0xc2cf7326",
            "calldata_variants": [
                "0xc2cf7326",
                "0xc2cf73260000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc41a360a",
            "selector": "0xc41a360a",
            "calldata_variants": [
                "0xc41a360a",
                "0xc41a360a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf1736d86",
            "selector": "0xf1736d86",
            "calldata_variants": [
                "0xf1736d86",
                "0xf1736d860000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 284,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 695,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 819,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 3,
    "untrusted_delegatecall_count": 3
}