TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-9df9-724f-abb3-993733844457

complete
Chain ID
1
Address
0x3980c9ed79d2c191a89e02fa3529c60ed6e9c04b
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
1
Validated
1
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 1 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
14843 artifact.fetch complete 1 / 3 3 months ago
14844 tool.cast_disasm complete 1 / 3 3 months ago
57653 analysis.bundle complete 1 / 3 1 week ago
57654 capability.graph complete 1 / 3 1 week ago
57655 detector.run complete 1 / 3 1 week ago
57656 validation.fork complete 1 / 3 1 week ago
113448 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-x9flgui8
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c94-510f-7822-baaf-31136eb6cf4a
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:38:39.385642+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 4996,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
2
Total opcodes
997
Flags
delegatecall_present create_opcodes_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x005a
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x893d20e8
00000019: GT
0000001a: PUSH2 0x0043
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x893d20e8
00000024: EQ
00000025: PUSH2 0x00a4
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0x9b0b0fda
0000002f: EQ
00000030: PUSH2 0x00e2
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xaaf10f42
0000003a: EQ
0000003b: PUSH2 0x0102
0000003e: JUMPI
0000003f: PUSH2 0x005a
00000042: JUMP
00000043: JUMPDEST
00000044: DUP1
00000045: PUSH4 0x13af4035
0000004a: EQ
0000004b: PUSH2 0x0064
0000004e: JUMPI
0000004f: DUP1
00000050: PUSH4 0x6c5d4ad0
00000055: EQ
00000056: PUSH2 0x0084
00000059: JUMPI
0000005a: JUMPDEST
0000005b: PUSH2 0x0062
0000005e: PUSH2 0x0117
00000061: JUMP
00000062: JUMPDEST
00000063: STOP
00000064: JUMPDEST
00000065: CALLVALUE
00000066: DUP1
00000067: ISZERO
00000068: PUSH2 0x0070
0000006b: JUMPI
0000006c: PUSH1 0x00
0000006e: DUP1
0000006f: REVERT
00000070: JUMPDEST
00000071: POP
00000072: PUSH2 0x0062
00000075: PUSH2 0x007f
00000078: CALLDATASIZE
00000079: PUSH1 0x04
0000007b: PUSH2 0x0792
0000007e: JUMP
0000007f: JUMPDEST
00000080: PUSH2 0x03ba
00000083: JUMP
00000084: JUMPDEST
00000085: CALLVALUE
00000086: DUP1
00000087: ISZERO
00000088: PUSH2 0x0090
0000008b: JUMPI
0000008c: PUSH1 0x00
0000008e: DUP1
0000008f: REVERT
00000090: JUMPDEST
00000091: POP
00000092: PUSH2 0x0062
00000095: PUSH2 0x009f
00000098: CALLDATASIZE
00000099: PUSH1 0x04
0000009b: PUSH2 0x07fe
0000009e: JUMP
0000009f: JUMPDEST
000000a0: PUSH2 0x044b
000000a3: JUMP
000000a4: JUMPDEST
000000a5: CALLVALUE
000000a6: DUP1
000000a7: ISZERO
000000a8: PUSH2 0x00b0
000000ab: JUMPI
000000ac: PUSH1 0x00
000000ae: DUP1
000000af: REVERT
000000b0: JUMPDEST
000000b1: POP
000000b2: PUSH2 0x00b9
000000b5: PUSH2 0x0601
000000b8: JUMP
000000b9: JUMPDEST
000000ba: PUSH1 0x40
000000bc: MLOAD
000000bd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d2: SWAP1
000000d3: SWAP2
000000d4: AND
000000d5: DUP2
000000d6: MSTORE
000000d7: PUSH1 0x20
000000d9: ADD
000000da: PUSH1 0x40
000000dc: MLOAD
000000dd: DUP1
000000de: SWAP2
000000df: SUB
000000e0: SWAP1
000000e1: RETURN
000000e2: JUMPDEST
000000e3: CALLVALUE
000000e4: DUP1
000000e5: ISZERO
000000e6: PUSH2 0x00ee
000000e9: JUMPI
000000ea: PUSH1 0x00
000000ec: DUP1
000000ed: REVERT
000000ee: JUMPDEST
000000ef: POP
000000f0: PUSH2 0x0062
000000f3: PUSH2 0x00fd
000000f6: CALLDATASIZE
000000f7: PUSH1 0x04
000000f9: PUSH2 0x08cd
000000fc: JUMP
000000fd: JUMPDEST
000000fe: PUSH2 0x0698
00000101: JUMP
00000102: JUMPDEST
00000103: CALLVALUE
00000104: DUP1
00000105: ISZERO
00000106: PUSH2 0x010e
00000109: JUMPI
0000010a: PUSH1 0x00
0000010c: DUP1
0000010d: REVERT
0000010e: JUMPDEST
0000010f: POP
00000110: PUSH2 0x00b9
00000113: PUSH2 0x0706
00000116: JUMP
00000117: JUMPDEST
00000118: PUSH1 0x00
0000011a: PUSH2 0x0141
0000011d: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000013e: SLOAD
0000013f: SWAP1
00000140: JUMP
00000141: JUMPDEST
00000142: PUSH1 0x40
00000144: DUP1
00000145: MLOAD
00000146: PUSH1 0x04
00000148: DUP2
00000149: MSTORE
0000014a: PUSH1 0x24
0000014c: DUP2
0000014d: ADD
0000014e: DUP3
0000014f: MSTORE
00000150: PUSH1 0x20
00000152: DUP2
00000153: ADD
00000154: DUP1
00000155: MLOAD
00000156: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff
00000173: AND
00000174: PUSH32 0xb794726200000000000000000000000000000000000000000000000000000000
00000195: OR
00000196: SWAP1
00000197: MSTORE
00000198: SWAP1
00000199: MLOAD
0000019a: SWAP2
0000019b: SWAP3
0000019c: POP
0000019d: PUSH1 0x00
0000019f: SWAP2
000001a0: DUP3
000001a1: SWAP2
000001a2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001b7: DUP6
000001b8: AND
000001b9: SWAP2
000001ba: PUSH2 0x01c3
000001bd: SWAP2
000001be: SWAP1
000001bf: PUSH2 0x092a
000001c2: JUMP
000001c3: JUMPDEST
000001c4: PUSH1 0x00
000001c6: PUSH1 0x40
000001c8: MLOAD
000001c9: DUP1
000001ca: DUP4
000001cb: SUB
000001cc: DUP2
000001cd: DUP6
000001ce: GAS
000001cf: STATICCALL
000001d0: SWAP2
000001d1: POP
000001d2: POP
000001d3: RETURNDATASIZE
000001d4: DUP1
000001d5: PUSH1 0x00
000001d7: DUP2
000001d8: EQ
000001d9: PUSH2 0x01fe
000001dc: JUMPI
000001dd: PUSH1 0x40
000001df: MLOAD
000001e0: SWAP2
000001e1: POP
000001e2: PUSH1 0x1f
000001e4: NOT
000001e5: PUSH1 0x3f
000001e7: RETURNDATASIZE
000001e8: ADD
000001e9: AND
000001ea: DUP3
000001eb: ADD
000001ec: PUSH1 0x40
000001ee: MSTORE
000001ef: RETURNDATASIZE
000001f0: DUP3
000001f1: MSTORE
000001f2: RETURNDATASIZE
000001f3: PUSH1 0x00
000001f5: PUSH1 0x20
000001f7: DUP5
000001f8: ADD
000001f9: RETURNDATACOPY
000001fa: PUSH2 0x0203
000001fd: JUMP
000001fe: JUMPDEST
000001ff: PUSH1 0x60
00000201: SWAP2
00000202: POP
00000203: JUMPDEST
00000204: POP
00000205: SWAP2
00000206: POP
00000207: SWAP2
00000208: POP
00000209: DUP2
0000020a: DUP1
0000020b: ISZERO
0000020c: PUSH2 0x0216
0000020f: JUMPI
00000210: POP
00000211: DUP1
00000212: MLOAD
00000213: PUSH1 0x20
00000215: EQ
00000216: JUMPDEST
00000217: ISZERO
00000218: PUSH2 0x02c8
0000021b: JUMPI
0000021c: PUSH1 0x00
0000021e: DUP2
0000021f: DUP1
00000220: PUSH1 0x20
00000222: ADD
00000223: SWAP1
00000224: MLOAD
00000225: DUP2
00000226: ADD
00000227: SWAP1
00000228: PUSH2 0x0231
0000022b: SWAP2
0000022c: SWAP1
0000022d: PUSH2 0x0936
00000230: JUMP
00000231: JUMPDEST
00000232: SWAP1
00000233: POP
00000234: DUP1
00000235: ISZERO
00000236: PUSH2 0x02c6
00000239: JUMPI
0000023a: PUSH1 0x40
0000023c: MLOAD
0000023d: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000025e: DUP2
0000025f: MSTORE
00000260: PUSH1 0x20
00000262: PUSH1 0x04
00000264: DUP3
00000265: ADD
00000266: MSTORE
00000267: PUSH1 0x35
00000269: PUSH1 0x24
0000026b: DUP3
0000026c: ADD
0000026d: MSTORE
0000026e: PUSH32 0x4c314368756753706c61736850726f78793a2073797374656d20697320637572
0000028f: PUSH1 0x44
00000291: DUP3
00000292: ADD
00000293: MSTORE
00000294: PUSH32 0x72656e746c79206265696e672075706772616465640000000000000000000000
000002b5: PUSH1 0x64
000002b7: DUP3
000002b8: ADD
000002b9: MSTORE
000002ba: PUSH1 0x84
000002bc: ADD
000002bd: JUMPDEST
000002be: PUSH1 0x40
000002c0: MLOAD
000002c1: DUP1
000002c2: SWAP2
000002c3: SUB
000002c4: SWAP1
000002c5: REVERT
000002c6: JUMPDEST
000002c7: POP
000002c8: JUMPDEST
000002c9: PUSH1 0x00
000002cb: PUSH2 0x02f2
000002ce: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000002ef: SLOAD
000002f0: SWAP1
000002f1: JUMP
000002f2: JUMPDEST
000002f3: SWAP1
000002f4: POP
000002f5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000030a: DUP2
0000030b: AND
0000030c: PUSH2 0x0397
0000030f: JUMPI
00000310: PUSH1 0x40
00000312: MLOAD
00000313: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000334: DUP2
00000335: MSTORE
00000336: PUSH1 0x20
00000338: PUSH1 0x04
0000033a: DUP3
0000033b: ADD
0000033c: MSTORE
0000033d: PUSH1 0x30
0000033f: PUSH1 0x24
00000341: DUP3
00000342: ADD
00000343: MSTORE
00000344: PUSH32 0x4c314368756753706c61736850726f78793a20696d706c656d656e746174696f
00000365: PUSH1 0x44
00000367: DUP3
00000368: ADD
00000369: MSTORE
0000036a: PUSH32 0x6e206973206e6f74207365742079657400000000000000000000000000000000
0000038b: PUSH1 0x64
0000038d: DUP3
0000038e: ADD
0000038f: MSTORE
00000390: PUSH1 0x84
00000392: ADD
00000393: PUSH2 0x02bd
00000396: JUMP
00000397: JUMPDEST
00000398: CALLDATASIZE
00000399: PUSH1 0x00
0000039b: DUP1
0000039c: CALLDATACOPY
0000039d: PUSH1 0x00
0000039f: DUP1
000003a0: CALLDATASIZE
000003a1: PUSH1 0x00
000003a3: DUP5
000003a4: GAS
000003a5: DELEGATECALL
000003a6: RETURNDATASIZE
000003a7: PUSH1 0x00
000003a9: DUP1
000003aa: RETURNDATACOPY
000003ab: DUP1
000003ac: PUSH2 0x03b4
000003af: JUMPI
000003b0: RETURNDATASIZE
000003b1: PUSH1 0x00
000003b3: REVERT
000003b4: JUMPDEST
000003b5: POP
000003b6: RETURNDATASIZE
000003b7: PUSH1 0x00
000003b9: RETURN
000003ba: JUMPDEST
000003bb: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000003dc: SLOAD
000003dd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003f2: AND
000003f3: CALLER
000003f4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000409: AND
0000040a: EQ
0000040b: DUP1
0000040c: PUSH2 0x0413
0000040f: JUMPI
00000410: POP
00000411: CALLER
00000412: ISZERO
00000413: JUMPDEST
00000414: ISZERO
00000415: PUSH2 0x0443
00000418: JUMPI
00000419: PUSH2 0x0440
0000041c: DUP2
0000041d: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000043e: SSTORE
0000043f: JUMP
00000440: JUMPDEST
00000441: POP
00000442: JUMP
00000443: JUMPDEST
00000444: PUSH2 0x0440
00000447: PUSH2 0x0117
0000044a: JUMP
0000044b: JUMPDEST
0000044c: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000046d: SLOAD
0000046e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000483: AND
00000484: CALLER
00000485: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000049a: AND
0000049b: EQ
0000049c: DUP1
0000049d: PUSH2 0x04a4
000004a0: JUMPI
000004a1: POP
000004a2: CALLER
000004a3: ISZERO
000004a4: JUMPDEST
000004a5: ISZERO
000004a6: PUSH2 0x0443
000004a9: JUMPI
000004aa: PUSH1 0x00
000004ac: PUSH2 0x04d3
000004af: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000004d0: SLOAD
000004d1: SWAP1
000004d2: JUMP
000004d3: JUMPDEST
000004d4: SWAP1
000004d5: POP
000004d6: DUP1
000004d7: EXTCODEHASH
000004d8: DUP3
000004d9: MLOAD
000004da: PUSH1 0x20
000004dc: DUP5
000004dd: ADD
000004de: KECCAK256
000004df: EQ
000004e0: ISZERO
000004e1: PUSH2 0x04e8
000004e4: JUMPI
000004e5: POP
000004e6: POP
000004e7: JUMP
000004e8: JUMPDEST
000004e9: PUSH1 0x40
000004eb: MLOAD
000004ec: PUSH1 0x00
000004ee: SWAP1
000004ef: PUSH2 0x051e
000004f2: SWAP1
000004f3: PUSH32 0x600d380380600d6000396000f300000000000000000000000000000000000000
00000514: SWAP1
00000515: DUP6
00000516: SWAP1
00000517: PUSH1 0x20
00000519: ADD
0000051a: PUSH2 0x094f
0000051d: JUMP
0000051e: JUMPDEST
0000051f: PUSH1 0x40
00000521: MLOAD
00000522: PUSH1 0x20
00000524: DUP2
00000525: DUP4
00000526: SUB
00000527: SUB
00000528: DUP2
00000529: MSTORE
0000052a: SWAP1
0000052b: PUSH1 0x40
0000052d: MSTORE
0000052e: SWAP1
0000052f: POP
00000530: PUSH1 0x00
00000532: DUP2
00000533: MLOAD
00000534: PUSH1 0x20
00000536: DUP4
00000537: ADD
00000538: PUSH1 0x00
0000053a: CREATE
0000053b: DUP5
0000053c: MLOAD
0000053d: PUSH1 0x20
0000053f: DUP7
00000540: ADD
00000541: KECCAK256
00000542: SWAP1
00000543: SWAP2
00000544: POP
00000545: DUP2
00000546: EXTCODEHASH
00000547: EQ
00000548: PUSH2 0x05d3
0000054b: JUMPI
0000054c: PUSH1 0x40
0000054e: MLOAD
0000054f: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000570: DUP2
00000571: MSTORE
00000572: PUSH1 0x20
00000574: PUSH1 0x04
00000576: DUP3
00000577: ADD
00000578: MSTORE
00000579: PUSH1 0x33
0000057b: PUSH1 0x24
0000057d: DUP3
0000057e: ADD
0000057f: MSTORE
00000580: PUSH32 0x4c314368756753706c61736850726f78793a20636f646520776173206e6f7420
000005a1: PUSH1 0x44
000005a3: DUP3
000005a4: ADD
000005a5: MSTORE
000005a6: PUSH32 0x636f72726563746c79206465706c6f7965642e00000000000000000000000000
000005c7: PUSH1 0x64
000005c9: DUP3
000005ca: ADD
000005cb: MSTORE
000005cc: PUSH1 0x84
000005ce: ADD
000005cf: PUSH2 0x02bd
000005d2: JUMP
000005d3: JUMPDEST
000005d4: PUSH2 0x05fb
000005d7: DUP2
000005d8: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000005f9: SSTORE
000005fa: JUMP
000005fb: JUMPDEST
000005fc: POP
000005fd: POP
000005fe: POP
000005ff: POP
00000600: JUMP
00000601: JUMPDEST
00000602: PUSH1 0x00
00000604: PUSH2 0x062b
00000607: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
00000628: SLOAD
00000629: SWAP1
0000062a: JUMP
0000062b: JUMPDEST
0000062c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000641: AND
00000642: CALLER
00000643: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000658: AND
00000659: EQ
0000065a: DUP1
0000065b: PUSH2 0x0662
0000065e: JUMPI
0000065f: POP
00000660: CALLER
00000661: ISZERO
00000662: JUMPDEST
00000663: ISZERO
00000664: PUSH2 0x068d
00000667: JUMPI
00000668: POP
00000669: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000068a: SLOAD
0000068b: SWAP1
0000068c: JUMP
0000068d: JUMPDEST
0000068e: PUSH2 0x0695
00000691: PUSH2 0x0117
00000694: JUMP
00000695: JUMPDEST
00000696: SWAP1
00000697: JUMP
00000698: JUMPDEST
00000699: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000006ba: SLOAD
000006bb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006d0: AND
000006d1: CALLER
000006d2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006e7: AND
000006e8: EQ
000006e9: DUP1
000006ea: PUSH2 0x06f1
000006ed: JUMPI
000006ee: POP
000006ef: CALLER
000006f0: ISZERO
000006f1: JUMPDEST
000006f2: ISZERO
000006f3: PUSH2 0x06fa
000006f6: JUMPI
000006f7: SWAP1
000006f8: SSTORE
000006f9: JUMP
000006fa: JUMPDEST
000006fb: PUSH2 0x0702
000006fe: PUSH2 0x0117
00000701: JUMP
00000702: JUMPDEST
00000703: POP
00000704: POP
00000705: JUMP
00000706: JUMPDEST
00000707: PUSH1 0x00
00000709: PUSH2 0x0730
0000070c: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000072d: SLOAD
0000072e: SWAP1
0000072f: JUMP
00000730: JUMPDEST
00000731: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000746: AND
00000747: CALLER
00000748: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000075d: AND
0000075e: EQ
0000075f: DUP1
00000760: PUSH2 0x0767
00000763: JUMPI
00000764: POP
00000765: CALLER
00000766: ISZERO
00000767: JUMPDEST
00000768: ISZERO
00000769: PUSH2 0x068d
0000076c: JUMPI
0000076d: POP
0000076e: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000078f: SLOAD
00000790: SWAP1
00000791: JUMP
00000792: JUMPDEST
00000793: PUSH1 0x00
00000795: PUSH1 0x20
00000797: DUP3
00000798: DUP5
00000799: SUB
0000079a: SLT
0000079b: ISZERO
0000079c: PUSH2 0x07a4
0000079f: JUMPI
000007a0: PUSH1 0x00
000007a2: DUP1
000007a3: REVERT
000007a4: JUMPDEST
000007a5: DUP2
000007a6: CALLDATALOAD
000007a7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007bc: DUP2
000007bd: AND
000007be: DUP2
000007bf: EQ
000007c0: PUSH2 0x07c8
000007c3: JUMPI
000007c4: PUSH1 0x00
000007c6: DUP1
000007c7: REVERT
000007c8: JUMPDEST
000007c9: SWAP4
000007ca: SWAP3
000007cb: POP
000007cc: POP
000007cd: POP
000007ce: JUMP
000007cf: JUMPDEST
000007d0: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000
000007f1: PUSH1 0x00
000007f3: MSTORE
000007f4: PUSH1 0x41
000007f6: PUSH1 0x04
000007f8: MSTORE
000007f9: PUSH1 0x24
000007fb: PUSH1 0x00
000007fd: REVERT
000007fe: JUMPDEST
000007ff: PUSH1 0x00
00000801: PUSH1 0x20
00000803: DUP3
00000804: DUP5
00000805: SUB
00000806: SLT
00000807: ISZERO
00000808: PUSH2 0x0810
0000080b: JUMPI
0000080c: PUSH1 0x00
0000080e: DUP1
0000080f: REVERT
00000810: JUMPDEST
00000811: DUP2
00000812: CALLDATALOAD
00000813: PUSH8 0xffffffffffffffff
0000081c: DUP1
0000081d: DUP3
0000081e: GT
0000081f: ISZERO
00000820: PUSH2 0x0828
00000823: JUMPI
00000824: PUSH1 0x00
00000826: DUP1
00000827: REVERT
00000828: JUMPDEST
00000829: DUP2
0000082a: DUP5
0000082b: ADD
0000082c: SWAP2
0000082d: POP
0000082e: DUP5
0000082f: PUSH1 0x1f
00000831: DUP4
00000832: ADD
00000833: SLT
00000834: PUSH2 0x083c
00000837: JUMPI
00000838: PUSH1 0x00
0000083a: DUP1
0000083b: REVERT
0000083c: JUMPDEST
0000083d: DUP2
0000083e: CALLDATALOAD
0000083f: DUP2
00000840: DUP2
00000841: GT
00000842: ISZERO
00000843: PUSH2 0x084e
00000846: JUMPI
00000847: PUSH2 0x084e
0000084a: PUSH2 0x07cf
0000084d: JUMP
0000084e: JUMPDEST
0000084f: PUSH1 0x40
00000851: MLOAD
00000852: PUSH1 0x1f
00000854: DUP3
00000855: ADD
00000856: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
00000877: SWAP1
00000878: DUP2
00000879: AND
0000087a: PUSH1 0x3f
0000087c: ADD
0000087d: AND
0000087e: DUP2
0000087f: ADD
00000880: SWAP1
00000881: DUP4
00000882: DUP3
00000883: GT
00000884: DUP2
00000885: DUP4
00000886: LT
00000887: OR
00000888: ISZERO
00000889: PUSH2 0x0894
0000088c: JUMPI
0000088d: PUSH2 0x0894
00000890: PUSH2 0x07cf
00000893: JUMP
00000894: JUMPDEST
00000895: DUP2
00000896: PUSH1 0x40
00000898: MSTORE
00000899: DUP3
0000089a: DUP2
0000089b: MSTORE
0000089c: DUP8
0000089d: PUSH1 0x20
0000089f: DUP5
000008a0: DUP8
000008a1: ADD
000008a2: ADD
000008a3: GT
000008a4: ISZERO
000008a5: PUSH2 0x08ad
000008a8: JUMPI
000008a9: PUSH1 0x00
000008ab: DUP1
000008ac: REVERT
000008ad: JUMPDEST
000008ae: DUP3
000008af: PUSH1 0x20
000008b1: DUP7
000008b2: ADD
000008b3: PUSH1 0x20
000008b5: DUP4
000008b6: ADD
000008b7: CALLDATACOPY
000008b8: PUSH1 0x00
000008ba: SWAP3
000008bb: DUP2
000008bc: ADD
000008bd: PUSH1 0x20
000008bf: ADD
000008c0: SWAP3
000008c1: SWAP1
000008c2: SWAP3
000008c3: MSTORE
000008c4: POP
000008c5: SWAP6
000008c6: SWAP5
000008c7: POP
000008c8: POP
000008c9: POP
000008ca: POP
000008cb: POP
000008cc: JUMP
000008cd: JUMPDEST
000008ce: PUSH1 0x00
000008d0: DUP1
000008d1: PUSH1 0x40
000008d3: DUP4
000008d4: DUP6
000008d5: SUB
000008d6: SLT
000008d7: ISZERO
000008d8: PUSH2 0x08e0
000008db: JUMPI
000008dc: PUSH1 0x00
000008de: DUP1
000008df: REVERT
000008e0: JUMPDEST
000008e1: POP
000008e2: POP
000008e3: DUP1
000008e4: CALLDATALOAD
000008e5: SWAP3
000008e6: PUSH1 0x20
000008e8: SWAP1
000008e9: SWAP2
000008ea: ADD
000008eb: CALLDATALOAD
000008ec: SWAP2
000008ed: POP
000008ee: JUMP
000008ef: JUMPDEST
000008f0: PUSH1 0x00
000008f2: DUP2
000008f3: MLOAD
000008f4: PUSH1 0x00
000008f6: JUMPDEST
000008f7: DUP2
000008f8: DUP2
000008f9: LT
000008fa: ISZERO
000008fb: PUSH2 0x0910
000008fe: JUMPI
000008ff: PUSH1 0x20
00000901: DUP2
00000902: DUP6
00000903: ADD
00000904: DUP2
00000905: ADD
00000906: MLOAD
00000907: DUP7
00000908: DUP4
00000909: ADD
0000090a: MSTORE
0000090b: ADD
0000090c: PUSH2 0x08f6
0000090f: JUMP
00000910: JUMPDEST
00000911: DUP2
00000912: DUP2
00000913: GT
00000914: ISZERO
00000915: PUSH2 0x091f
00000918: JUMPI
00000919: PUSH1 0x00
0000091b: DUP3
0000091c: DUP7
0000091d: ADD
0000091e: MSTORE
0000091f: JUMPDEST
00000920: POP
00000921: SWAP3
00000922: SWAP1
00000923: SWAP3
00000924: ADD
00000925: SWAP3
00000926: SWAP2
00000927: POP
00000928: POP
00000929: JUMP
0000092a: JUMPDEST
0000092b: PUSH1 0x00
0000092d: PUSH2 0x07c8
00000930: DUP3
00000931: DUP5
00000932: PUSH2 0x08ef
00000935: JUMP
00000936: JUMPDEST
00000937: PUSH1 0x00
00000939: PUSH1 0x20
0000093b: DUP3
0000093c: DUP5
0000093d: SUB
0000093e: SLT
0000093f: ISZERO
00000940: PUSH2 0x0948
00000943: JUMPI
00000944: PUSH1 0x00
00000946: DUP1
00000947: REVERT
00000948: JUMPDEST
00000949: POP
0000094a: MLOAD
0000094b: SWAP2
0000094c: SWAP1
0000094d: POP
0000094e: JUMP
0000094f: JUMPDEST
00000950: PUSH32 0xffffffffffffffffffffffffff00000000000000000000000000000000000000
00000971: DUP4
00000972: AND
00000973: DUP2
00000974: MSTORE
00000975: PUSH1 0x00
00000977: PUSH2 0x0983
0000097a: PUSH1 0x0d
0000097c: DUP4
0000097d: ADD
0000097e: DUP5
0000097f: PUSH2 0x08ef
00000982: JUMP
00000983: JUMPDEST
00000984: SWAP5
00000985: SWAP4
00000986: POP
00000987: POP
00000988: POP
00000989: POP
0000098a: JUMP
0000098b: INVALID
0000098c: LOG2
0000098d: PUSH5 0x6970667358
00000993: UNKNOWN(0x22)
00000994: SLT
00000995: KECCAK256
00000996: UNKNOWN(0xDD)
00000997: UNKNOWN(0xE1)
00000998: DUP10
00000999: CREATE
0000099a: MSTORE8
0000099b: UNKNOWN(0xDD)
0000099c: MSTORE8
0000099d: UNKNOWN(0xB9)
0000099e: UNKNOWN(0x2C)
0000099f: UNKNOWN(0xED)
000009a0: UNKNOWN(0xB6)
000009a1: GASPRICE
000009a2: LOG0
000009a3: UNKNOWN(0xB4)
000009a4: PUSH14 0x4d1bba8c55579e196ac7ca5c1368
000009b3: UNKNOWN(0xC5)
000009b4: UNKNOWN(0xDC)
000009b5: DUP3
000009b6: PUSH5 0x736f6c6343
000009bc: STOP
000009bd: ADDMOD
000009be: MULMOD
000009bf: STOP
000009c0: CALLER
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 yes yes
view
trace_id: 0x4b9d81e64cc099c25759e2eb9100645f840f8d94aff0884edf3ec8ef0f985258
call_targets: 0x41675c099f32341bf84bfc5382af534df5c7461a, 0xa0cfe8af2ab5c9232714647702dbacf862ea4798
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x4b9d81e64cc099c25759e2eb9100645f840f8d94aff0884edf3ec8ef0f985258",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x41675c099f32341bf84bfc5382af534df5c7461a",
        "0xa0cfe8af2ab5c9232714647702dbacf862ea4798"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x893d20e8",
            "selector": "0x893d20e8",
            "calldata_variants": [
                "0x893d20e8",
                "0x893d20e80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9b0b0fda",
            "selector": "0x9b0b0fda",
            "calldata_variants": [
                "0x9b0b0fda",
                "0x9b0b0fda0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xaaf10f42",
            "selector": "0xaaf10f42",
            "calldata_variants": [
                "0xaaf10f42",
                "0xaaf10f420000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x13af4035",
            "selector": "0x13af4035",
            "calldata_variants": [
                "0x13af4035",
                "0x13af40350000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6c5d4ad0",
            "selector": "0x6c5d4ad0",
            "calldata_variants": [
                "0x6c5d4ad0",
                "0x6c5d4ad00000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 933,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 1011,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1156,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1602,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1745,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1863,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
medium other detector CREATE/CREATE2 reachable 45 no no
view
trace_id: 0xc320dd6e9affdc1916c85717eb0c8b5c78ede172012eda724b82e7562c28858b
validation_json 
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 10,
    "trace_id": "0xc320dd6e9affdc1916c85717eb0c8b5c78ede172012eda724b82e7562c28858b",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x893d20e8",
            "selector": "0x893d20e8",
            "calldata_variants": [
                "0x893d20e8",
                "0x893d20e80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9b0b0fda",
            "selector": "0x9b0b0fda",
            "calldata_variants": [
                "0x9b0b0fda",
                "0x9b0b0fda0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xaaf10f42",
            "selector": "0xaaf10f42",
            "calldata_variants": [
                "0xaaf10f42",
                "0xaaf10f420000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x13af4035",
            "selector": "0x13af4035",
            "calldata_variants": [
                "0x13af4035",
                "0x13af40350000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6c5d4ad0",
            "selector": "0x6c5d4ad0",
            "calldata_variants": [
                "0x6c5d4ad0",
                "0x6c5d4ad00000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "create_count": 2,
    "create2_count": 0
}