TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-94bc-708d-aae6-a2d0895c6498

complete
Chain ID
1
Address
0xe26f2b4253cfb866ae9d5ff375807a0f1fb8a5dc
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Authorization based on tx.origin
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
13249 artifact.fetch complete 1 / 3 3 months ago
13250 tool.cast_disasm complete 1 / 3 3 months ago
112354 analysis.bundle complete 1 / 3 1 week ago
112355 capability.graph complete 1 / 3 1 week ago
112356 detector.run complete 1 / 3 1 week ago
112357 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
0
Total opcodes
227
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x001e
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x8da5cb5b
00000019: EQ
0000001a: PUSH2 0x015f
0000001d: JUMPI
0000001e: JUMPDEST
0000001f: PUSH1 0x02
00000021: PUSH1 0x00
00000023: SWAP1
00000024: SLOAD
00000025: SWAP1
00000026: PUSH2 0x0100
00000029: EXP
0000002a: SWAP1
0000002b: DIV
0000002c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000041: AND
00000042: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000057: AND
00000058: CALLER
00000059: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000006e: AND
0000006f: EQ
00000070: ISZERO
00000071: PUSH2 0x015d
00000074: JUMPI
00000075: PUSH1 0x00
00000077: DUP1
00000078: SWAP1
00000079: SLOAD
0000007a: SWAP1
0000007b: PUSH2 0x0100
0000007e: EXP
0000007f: SWAP1
00000080: DIV
00000081: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000096: AND
00000097: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ac: AND
000000ad: PUSH2 0x08fc
000000b0: PUSH1 0x0a
000000b2: CALLVALUE
000000b3: DUP2
000000b4: PUSH2 0x00b9
000000b7: JUMPI
000000b8: INVALID
000000b9: JUMPDEST
000000ba: DIV
000000bb: SWAP1
000000bc: DUP2
000000bd: ISZERO
000000be: MUL
000000bf: SWAP1
000000c0: PUSH1 0x40
000000c2: MLOAD
000000c3: PUSH1 0x00
000000c5: PUSH1 0x40
000000c7: MLOAD
000000c8: DUP1
000000c9: DUP4
000000ca: SUB
000000cb: DUP2
000000cc: DUP6
000000cd: DUP9
000000ce: DUP9
000000cf: CALL
000000d0: SWAP4
000000d1: POP
000000d2: POP
000000d3: POP
000000d4: POP
000000d5: ISZERO
000000d6: DUP1
000000d7: ISZERO
000000d8: PUSH2 0x00e5
000000db: JUMPI
000000dc: RETURNDATASIZE
000000dd: PUSH1 0x00
000000df: DUP1
000000e0: RETURNDATACOPY
000000e1: RETURNDATASIZE
000000e2: PUSH1 0x00
000000e4: REVERT
000000e5: JUMPDEST
000000e6: POP
000000e7: PUSH1 0x01
000000e9: PUSH1 0x00
000000eb: SWAP1
000000ec: SLOAD
000000ed: SWAP1
000000ee: PUSH2 0x0100
000000f1: EXP
000000f2: SWAP1
000000f3: DIV
000000f4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000109: AND
0000010a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000011f: AND
00000120: PUSH2 0x08fc
00000123: PUSH1 0x0a
00000125: PUSH1 0x09
00000127: CALLVALUE
00000128: MUL
00000129: DUP2
0000012a: PUSH2 0x012f
0000012d: JUMPI
0000012e: INVALID
0000012f: JUMPDEST
00000130: DIV
00000131: SWAP1
00000132: DUP2
00000133: ISZERO
00000134: MUL
00000135: SWAP1
00000136: PUSH1 0x40
00000138: MLOAD
00000139: PUSH1 0x00
0000013b: PUSH1 0x40
0000013d: MLOAD
0000013e: DUP1
0000013f: DUP4
00000140: SUB
00000141: DUP2
00000142: DUP6
00000143: DUP9
00000144: DUP9
00000145: CALL
00000146: SWAP4
00000147: POP
00000148: POP
00000149: POP
0000014a: POP
0000014b: ISZERO
0000014c: DUP1
0000014d: ISZERO
0000014e: PUSH2 0x015b
00000151: JUMPI
00000152: RETURNDATASIZE
00000153: PUSH1 0x00
00000155: DUP1
00000156: RETURNDATACOPY
00000157: RETURNDATASIZE
00000158: PUSH1 0x00
0000015a: REVERT
0000015b: JUMPDEST
0000015c: POP
0000015d: JUMPDEST
0000015e: STOP
0000015f: JUMPDEST
00000160: CALLVALUE
00000161: DUP1
00000162: ISZERO
00000163: PUSH2 0x016b
00000166: JUMPI
00000167: PUSH1 0x00
00000169: DUP1
0000016a: REVERT
0000016b: JUMPDEST
0000016c: POP
0000016d: PUSH2 0x0174
00000170: PUSH2 0x01b6
00000173: JUMP
00000174: JUMPDEST
00000175: PUSH1 0x40
00000177: MLOAD
00000178: DUP1
00000179: DUP3
0000017a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018f: AND
00000190: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001a5: AND
000001a6: DUP2
000001a7: MSTORE
000001a8: PUSH1 0x20
000001aa: ADD
000001ab: SWAP2
000001ac: POP
000001ad: POP
000001ae: PUSH1 0x40
000001b0: MLOAD
000001b1: DUP1
000001b2: SWAP2
000001b3: SUB
000001b4: SWAP1
000001b5: RETURN
000001b6: JUMPDEST
000001b7: PUSH1 0x02
000001b9: PUSH1 0x00
000001bb: SWAP1
000001bc: SLOAD
000001bd: SWAP1
000001be: PUSH2 0x0100
000001c1: EXP
000001c2: SWAP1
000001c3: DIV
000001c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d9: AND
000001da: DUP2
000001db: JUMP
000001dc: INVALID
000001dd: LOG2
000001de: PUSH6 0x627a7a723158
000001e5: KECCAK256
000001e6: REVERT
000001e7: UNKNOWN(0x2F)
000001e8: PUSH26 0x0e9e6d3421b3f8f3aa8774efdc16432e43f3ec5b493a14925721
00000203: JUMPI
00000204: SWAP4
00000205: SELFDESTRUCT
00000206: PUSH5 0x736f6c6343
0000020c: STOP
0000020d: SDIV
0000020e: UNKNOWN(0x0C)
0000020f: STOP
00000210: ORIGIN
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high auth detector Authorization based on tx.origin 70 no
view
validation_json 
{
    "reason": "missing sink mapping",
    "status": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 88,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 528,
            "type": "tx_origin_used"
        }
    ]
}
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0xda4c80a9aaff495afd373a92eac7f02591d77cb493f61495d4577105e8bdcbd8
call_targets: 0xe26f2b4253cfb866ae9d5ff375807a0f1fb8a5dc
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xda4c80a9aaff495afd373a92eac7f02591d77cb493f61495d4577105e8bdcbd8",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xe26f2b4253cfb866ae9d5ff375807a0f1fb8a5dc"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 207,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 325,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [
        {
            "pc": 88,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 528,
            "type": "tx_origin_used"
        }
    ],
    "untrusted_call_count": 2
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0xda4c80a9aaff495afd373a92eac7f02591d77cb493f61495d4577105e8bdcbd8
call_targets: 0xe26f2b4253cfb866ae9d5ff375807a0f1fb8a5dc
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xda4c80a9aaff495afd373a92eac7f02591d77cb493f61495d4577105e8bdcbd8",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xe26f2b4253cfb866ae9d5ff375807a0f1fb8a5dc"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 207,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 325,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": [
        {
            "pc": 88,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 528,
            "type": "tx_origin_used"
        }
    ]
}
medium other detector SELFDESTRUCT reachable 45 no no
view
trace_id: 0xcf9be2bb26f68e2c833edf036b5aea184fb5a8e50306cfb9a43f1c5d64801ae3
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 2,
    "trace_id": "0xcf9be2bb26f68e2c833edf036b5aea184fb5a8e50306cfb9a43f1c5d64801ae3",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 88,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 528,
            "type": "tx_origin_used"
        }
    ],
    "selfdestruct_count": 1
}