Analysis Run

019b3844-9704-72ec-8d22-576e7dc1e0a8

complete

Chain ID

1

Address

0x4bc3c92673d06688c865248c6696ea7c52d1710e

Block Number

—

Created

Fri, Dec 19, 2025 8:19 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted DELEGATECALL target reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
13647	artifact.fetch	complete	1 / 3	4 months ago
13648	tool.cast_disasm	complete	1 / 3	4 months ago
56889	analysis.bundle	complete	1 / 3	2 weeks ago
56890	capability.graph	complete	1 / 3	2 weeks ago
56891	detector.run	complete	1 / 3	2 weeks ago
56892	validation.fork	complete	1 / 3	2 weeks ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

2

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

1

EXT*/BALANCE

0

Total opcodes

79

Flags

delegatecall_present proxy_like_runtime

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH32 0xc5f16f0fcc639fa48a6947836d9850f504798523bf8c9a3a87d5876cf622bcf7
00000026: SLOAD
00000027: PUSH1 0x40
00000029: MLOAD
0000002a: CALLDATASIZE
0000002b: PUSH1 0x00
0000002d: DUP3
0000002e: CALLDATACOPY
0000002f: PUSH1 0x00
00000031: DUP1
00000032: CALLDATASIZE
00000033: DUP4
00000034: DUP6
00000035: GAS
00000036: DELEGATECALL
00000037: RETURNDATASIZE
00000038: DUP1
00000039: PUSH1 0x00
0000003b: DUP5
0000003c: RETURNDATACOPY
0000003d: DUP2
0000003e: PUSH1 0x00
00000040: DUP2
00000041: EQ
00000042: PUSH1 0x48
00000044: JUMPI
00000045: DUP2
00000046: DUP5
00000047: RETURN
00000048: JUMPDEST
00000049: DUP2
0000004a: DUP5
0000004b: REVERT
0000004c: INVALID
0000004d: LOG2
0000004e: PUSH5 0x6970667358
00000054: UNKNOWN(0x22)
00000055: SLT
00000056: KECCAK256
00000057: JUMPI
00000058: UNKNOWN(0xE2)
00000059: UNKNOWN(0xB7)
0000005a: PUSH0
0000005b: ORIGIN
0000005c: MULMOD
0000005d: UNKNOWN(0x4D)
0000005e: SWAP4
0000005f: MOD
00000060: UNKNOWN(0xE5)
00000061: REVERT
00000062: UNKNOWN(0x25)
00000063: PUSH1 0xc7
00000065: BLOCKHASH
00000066: CALL
00000067: DELEGATECALL
00000068: CALLDATALOAD
00000069: GAS
0000006a: KECCAK256
0000006b: SWAP8
0000006c: DUP12
0000006d: SWAP15
0000006e: PC
0000006f: UNKNOWN(0xDF)
00000070: DUP2
00000071: UNKNOWN(0xB2)
00000072: DIFFICULTY
00000073: OR
00000074: DUP3
00000075: XOR
00000076: SWAP10
00000077: PUSH5 0x736f6c6343
0000007d: STOP
0000007e: MOD
0000007f: UNKNOWN(0x0C)
00000080: STOP
00000081: CALLER

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	upgradeability	detector	Untrusted DELEGATECALL target reachable	55	no	no	view trace_id: 0xa7d0331fad1498ae7c2dee7349f0a6560257e1d210f9e08500dbd8c4c93f9d17 call_targets: 0x141a01b4ec8e9424dec5b866c0f580d552007ac5 target_varies: no classification: constant_target validation_json { "sink": "DELEGATECALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xa7d0331fad1498ae7c2dee7349f0a6560257e1d210f9e08500dbd8c4c93f9d17", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x141a01b4ec8e9424dec5b866c0f580d552007ac5" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 54, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" }, { "pc": 103, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" } ], "guards_detected": [ { "pc": 91, "type": "tx_origin_used" } ], "delegatecall_count": 2, "untrusted_delegatecall_count": 2 }
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "guards_detected": [ { "pc": 91, "type": "tx_origin_used" } ] }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0xa7d0331fad1498ae7c2dee7349f0a6560257e1d210f9e08500dbd8c4c93f9d17 call_targets: 0x4bc3c92673d06688c865248c6696ea7c52d1710e target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xa7d0331fad1498ae7c2dee7349f0a6560257e1d210f9e08500dbd8c4c93f9d17", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x4bc3c92673d06688c865248c6696ea7c52d1710e" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 102, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [ { "pc": 91, "type": "tx_origin_used" } ], "untrusted_call_count": 1 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0xa7d0331fad1498ae7c2dee7349f0a6560257e1d210f9e08500dbd8c4c93f9d17 call_targets: 0x4bc3c92673d06688c865248c6696ea7c52d1710e target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xa7d0331fad1498ae7c2dee7349f0a6560257e1d210f9e08500dbd8c4c93f9d17", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x4bc3c92673d06688c865248c6696ea7c52d1710e" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 102, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [ { "pc": 91, "type": "tx_origin_used" } ] }