TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-984c-7105-acb6-7dab872323e6

complete
Chain ID
1
Address
0x1337def1c5ebbd9840e6b25c4438e829555395aa
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
13887 artifact.fetch complete 1 / 3 3 months ago
13888 tool.cast_disasm complete 1 / 3 3 months ago
85300 analysis.bundle complete 1 / 3 1 week ago
85301 capability.graph complete 1 / 3 1 week ago
85302 detector.run complete 1 / 3 1 week ago
85303 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
407
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x003f
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x025313a2
00000019: EQ
0000001a: PUSH2 0x0083
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x3659cfe6
00000024: EQ
00000025: PUSH2 0x00b4
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0x5c60da1b
0000002f: EQ
00000030: PUSH2 0x00e9
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xf1739cae
0000003a: EQ
0000003b: PUSH2 0x00fe
0000003e: JUMPI
0000003f: JUMPDEST
00000040: PUSH1 0x00
00000042: PUSH2 0x0049
00000045: PUSH2 0x0131
00000048: JUMP
00000049: JUMPDEST
0000004a: SWAP1
0000004b: POP
0000004c: PUSH1 0x01
0000004e: PUSH1 0x01
00000050: PUSH1 0xa0
00000052: SHL
00000053: SUB
00000054: DUP2
00000055: AND
00000056: PUSH2 0x005e
00000059: JUMPI
0000005a: PUSH1 0x00
0000005c: DUP1
0000005d: REVERT
0000005e: JUMPDEST
0000005f: PUSH1 0x40
00000061: MLOAD
00000062: CALLDATASIZE
00000063: PUSH1 0x00
00000065: DUP3
00000066: CALLDATACOPY
00000067: PUSH1 0x00
00000069: DUP1
0000006a: CALLDATASIZE
0000006b: DUP4
0000006c: DUP6
0000006d: GAS
0000006e: DELEGATECALL
0000006f: RETURNDATASIZE
00000070: DUP1
00000071: PUSH1 0x00
00000073: DUP5
00000074: RETURNDATACOPY
00000075: DUP2
00000076: DUP1
00000077: ISZERO
00000078: PUSH2 0x007f
0000007b: JUMPI
0000007c: DUP2
0000007d: DUP5
0000007e: RETURN
0000007f: JUMPDEST
00000080: DUP2
00000081: DUP5
00000082: REVERT
00000083: JUMPDEST
00000084: CALLVALUE
00000085: DUP1
00000086: ISZERO
00000087: PUSH2 0x008f
0000008a: JUMPI
0000008b: PUSH1 0x00
0000008d: DUP1
0000008e: REVERT
0000008f: JUMPDEST
00000090: POP
00000091: PUSH2 0x0098
00000094: PUSH2 0x0156
00000097: JUMP
00000098: JUMPDEST
00000099: PUSH1 0x40
0000009b: DUP1
0000009c: MLOAD
0000009d: PUSH1 0x01
0000009f: PUSH1 0x01
000000a1: PUSH1 0xa0
000000a3: SHL
000000a4: SUB
000000a5: SWAP1
000000a6: SWAP3
000000a7: AND
000000a8: DUP3
000000a9: MSTORE
000000aa: MLOAD
000000ab: SWAP1
000000ac: DUP2
000000ad: SWAP1
000000ae: SUB
000000af: PUSH1 0x20
000000b1: ADD
000000b2: SWAP1
000000b3: RETURN
000000b4: JUMPDEST
000000b5: CALLVALUE
000000b6: DUP1
000000b7: ISZERO
000000b8: PUSH2 0x00c0
000000bb: JUMPI
000000bc: PUSH1 0x00
000000be: DUP1
000000bf: REVERT
000000c0: JUMPDEST
000000c1: POP
000000c2: PUSH2 0x00e7
000000c5: PUSH1 0x04
000000c7: DUP1
000000c8: CALLDATASIZE
000000c9: SUB
000000ca: PUSH1 0x20
000000cc: DUP2
000000cd: LT
000000ce: ISZERO
000000cf: PUSH2 0x00d7
000000d2: JUMPI
000000d3: PUSH1 0x00
000000d5: DUP1
000000d6: REVERT
000000d7: JUMPDEST
000000d8: POP
000000d9: CALLDATALOAD
000000da: PUSH1 0x01
000000dc: PUSH1 0x01
000000de: PUSH1 0xa0
000000e0: SHL
000000e1: SUB
000000e2: AND
000000e3: PUSH2 0x017b
000000e6: JUMP
000000e7: JUMPDEST
000000e8: STOP
000000e9: JUMPDEST
000000ea: CALLVALUE
000000eb: DUP1
000000ec: ISZERO
000000ed: PUSH2 0x00f5
000000f0: JUMPI
000000f1: PUSH1 0x00
000000f3: DUP1
000000f4: REVERT
000000f5: JUMPDEST
000000f6: POP
000000f7: PUSH2 0x0098
000000fa: PUSH2 0x0131
000000fd: JUMP
000000fe: JUMPDEST
000000ff: CALLVALUE
00000100: DUP1
00000101: ISZERO
00000102: PUSH2 0x010a
00000105: JUMPI
00000106: PUSH1 0x00
00000108: DUP1
00000109: REVERT
0000010a: JUMPDEST
0000010b: POP
0000010c: PUSH2 0x00e7
0000010f: PUSH1 0x04
00000111: DUP1
00000112: CALLDATASIZE
00000113: SUB
00000114: PUSH1 0x20
00000116: DUP2
00000117: LT
00000118: ISZERO
00000119: PUSH2 0x0121
0000011c: JUMPI
0000011d: PUSH1 0x00
0000011f: DUP1
00000120: REVERT
00000121: JUMPDEST
00000122: POP
00000123: CALLDATALOAD
00000124: PUSH1 0x01
00000126: PUSH1 0x01
00000128: PUSH1 0xa0
0000012a: SHL
0000012b: SUB
0000012c: AND
0000012d: PUSH2 0x01ac
00000130: JUMP
00000131: JUMPDEST
00000132: PUSH32 0x7fb5080a7084f4c60aade0a78fc13ba4ba6555b60e554360d005f0d684cea186
00000153: SLOAD
00000154: SWAP1
00000155: JUMP
00000156: JUMPDEST
00000157: PUSH32 0x2dbc9b6b8d09ee15269835797a45b6f772b81406ec218e6fd64b114f376266ba
00000178: SLOAD
00000179: SWAP1
0000017a: JUMP
0000017b: JUMPDEST
0000017c: PUSH2 0x0183
0000017f: PUSH2 0x0156
00000182: JUMP
00000183: JUMPDEST
00000184: PUSH1 0x01
00000186: PUSH1 0x01
00000188: PUSH1 0xa0
0000018a: SHL
0000018b: SUB
0000018c: AND
0000018d: CALLER
0000018e: PUSH1 0x01
00000190: PUSH1 0x01
00000192: PUSH1 0xa0
00000194: SHL
00000195: SUB
00000196: AND
00000197: EQ
00000198: PUSH2 0x01a0
0000019b: JUMPI
0000019c: PUSH1 0x00
0000019e: DUP1
0000019f: REVERT
000001a0: JUMPDEST
000001a1: PUSH2 0x01a9
000001a4: DUP2
000001a5: PUSH2 0x023b
000001a8: JUMP
000001a9: JUMPDEST
000001aa: POP
000001ab: JUMP
000001ac: JUMPDEST
000001ad: PUSH2 0x01b4
000001b0: PUSH2 0x0156
000001b3: JUMP
000001b4: JUMPDEST
000001b5: PUSH1 0x01
000001b7: PUSH1 0x01
000001b9: PUSH1 0xa0
000001bb: SHL
000001bc: SUB
000001bd: AND
000001be: CALLER
000001bf: PUSH1 0x01
000001c1: PUSH1 0x01
000001c3: PUSH1 0xa0
000001c5: SHL
000001c6: SUB
000001c7: AND
000001c8: EQ
000001c9: PUSH2 0x01d1
000001cc: JUMPI
000001cd: PUSH1 0x00
000001cf: DUP1
000001d0: REVERT
000001d1: JUMPDEST
000001d2: PUSH1 0x01
000001d4: PUSH1 0x01
000001d6: PUSH1 0xa0
000001d8: SHL
000001d9: SUB
000001da: DUP2
000001db: AND
000001dc: PUSH2 0x01e4
000001df: JUMPI
000001e0: PUSH1 0x00
000001e2: DUP1
000001e3: REVERT
000001e4: JUMPDEST
000001e5: PUSH2 0x01ed
000001e8: DUP2
000001e9: PUSH2 0x02a7
000001ec: JUMP
000001ed: JUMPDEST
000001ee: PUSH32 0x5a3e66efaa1e445ebd894728a69d6959842ea1e97bd79b892797106e270efcd9
0000020f: PUSH2 0x0216
00000212: PUSH2 0x0156
00000215: JUMP
00000216: JUMPDEST
00000217: PUSH1 0x40
00000219: DUP1
0000021a: MLOAD
0000021b: PUSH1 0x01
0000021d: PUSH1 0x01
0000021f: PUSH1 0xa0
00000221: SHL
00000222: SUB
00000223: SWAP3
00000224: DUP4
00000225: AND
00000226: DUP2
00000227: MSTORE
00000228: SWAP2
00000229: DUP5
0000022a: AND
0000022b: PUSH1 0x20
0000022d: DUP4
0000022e: ADD
0000022f: MSTORE
00000230: DUP1
00000231: MLOAD
00000232: SWAP2
00000233: DUP3
00000234: SWAP1
00000235: SUB
00000236: ADD
00000237: SWAP1
00000238: LOG1
00000239: POP
0000023a: JUMP
0000023b: JUMPDEST
0000023c: PUSH1 0x00
0000023e: PUSH2 0x0245
00000241: PUSH2 0x0131
00000244: JUMP
00000245: JUMPDEST
00000246: SWAP1
00000247: POP
00000248: DUP2
00000249: PUSH1 0x01
0000024b: PUSH1 0x01
0000024d: PUSH1 0xa0
0000024f: SHL
00000250: SUB
00000251: AND
00000252: DUP2
00000253: PUSH1 0x01
00000255: PUSH1 0x01
00000257: PUSH1 0xa0
00000259: SHL
0000025a: SUB
0000025b: AND
0000025c: EQ
0000025d: ISZERO
0000025e: PUSH2 0x0266
00000261: JUMPI
00000262: PUSH1 0x00
00000264: DUP1
00000265: REVERT
00000266: JUMPDEST
00000267: PUSH2 0x026f
0000026a: DUP3
0000026b: PUSH2 0x02cb
0000026e: JUMP
0000026f: JUMPDEST
00000270: PUSH1 0x40
00000272: MLOAD
00000273: PUSH1 0x01
00000275: PUSH1 0x01
00000277: PUSH1 0xa0
00000279: SHL
0000027a: SUB
0000027b: DUP4
0000027c: AND
0000027d: SWAP1
0000027e: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
0000029f: SWAP1
000002a0: PUSH1 0x00
000002a2: SWAP1
000002a3: LOG2
000002a4: POP
000002a5: POP
000002a6: JUMP
000002a7: JUMPDEST
000002a8: PUSH32 0x2dbc9b6b8d09ee15269835797a45b6f772b81406ec218e6fd64b114f376266ba
000002c9: SSTORE
000002ca: JUMP
000002cb: JUMPDEST
000002cc: PUSH32 0x7fb5080a7084f4c60aade0a78fc13ba4ba6555b60e554360d005f0d684cea186
000002ed: SSTORE
000002ee: JUMP
000002ef: INVALID
000002f0: LOG2
000002f1: PUSH5 0x6970667358
000002f7: UNKNOWN(0x22)
000002f8: SLT
000002f9: KECCAK256
000002fa: SWAP3
000002fb: DUP6
000002fc: UNKNOWN(0x27)
000002fd: UNKNOWN(0xB9)
000002fe: PUSH32 0xe15076c02f362991e48e7c354e9022ff351f130f31f0b87dc24e8264736f6c63
0000031f: NUMBER
00000320: STOP
00000321: MOD
00000322: UNKNOWN(0x0C)
00000323: STOP
00000324: CALLER
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0xbd1566596bbee069021a9cd938467866a785a53ce2327171752d022fcf928037
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 48,
    "trace_id": "0xbd1566596bbee069021a9cd938467866a785a53ce2327171752d022fcf928037",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x025313a2",
            "selector": "0x025313a2",
            "calldata_variants": [
                "0x025313a2",
                "0x025313a20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf1739cae",
            "selector": "0xf1739cae",
            "calldata_variants": [
                "0xf1739cae",
                "0xf1739cae0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 110,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}