TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-a342-7208-bfd8-c4349cad2e36

complete
Chain ID
1
Address
0xe01d2303a25ccf93676b7e953e68877c4f94eae8
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
15789 artifact.fetch complete 1 / 3 3 months ago
15790 tool.cast_disasm complete 1 / 3 3 months ago
58541 analysis.bundle complete 1 / 3 1 week ago
58542 capability.graph complete 1 / 3 1 week ago
58543 detector.run complete 1 / 3 1 week ago
58544 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
3
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
2
Total opcodes
398
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x0017
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x0011
00000017: JUMPDEST
00000018: PUSH2 0x0027
0000001b: PUSH2 0x0022
0000001e: PUSH2 0x0074
00000021: JUMP
00000022: JUMPDEST
00000023: PUSH2 0x00b9
00000026: JUMP
00000027: JUMPDEST
00000028: JUMP
00000029: JUMPDEST
0000002a: PUSH1 0x60
0000002c: PUSH2 0x004e
0000002f: DUP4
00000030: DUP4
00000031: PUSH1 0x40
00000033: MLOAD
00000034: DUP1
00000035: PUSH1 0x60
00000037: ADD
00000038: PUSH1 0x40
0000003a: MSTORE
0000003b: DUP1
0000003c: PUSH1 0x27
0000003e: DUP2
0000003f: MSTORE
00000040: PUSH1 0x20
00000042: ADD
00000043: PUSH2 0x02fb
00000046: PUSH1 0x27
00000048: SWAP2
00000049: CODECOPY
0000004a: PUSH2 0x00dd
0000004d: JUMP
0000004e: JUMPDEST
0000004f: SWAP4
00000050: SWAP3
00000051: POP
00000052: POP
00000053: POP
00000054: JUMP
00000055: JUMPDEST
00000056: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000006b: AND
0000006c: EXTCODESIZE
0000006d: ISZERO
0000006e: ISZERO
0000006f: SWAP1
00000070: JUMP
00000071: JUMPDEST
00000072: SWAP1
00000073: JUMP
00000074: JUMPDEST
00000075: PUSH1 0x00
00000077: PUSH2 0x00b4
0000007a: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000009b: SLOAD
0000009c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b1: AND
000000b2: SWAP1
000000b3: JUMP
000000b4: JUMPDEST
000000b5: SWAP1
000000b6: POP
000000b7: SWAP1
000000b8: JUMP
000000b9: JUMPDEST
000000ba: CALLDATASIZE
000000bb: PUSH1 0x00
000000bd: DUP1
000000be: CALLDATACOPY
000000bf: PUSH1 0x00
000000c1: DUP1
000000c2: CALLDATASIZE
000000c3: PUSH1 0x00
000000c5: DUP5
000000c6: GAS
000000c7: DELEGATECALL
000000c8: RETURNDATASIZE
000000c9: PUSH1 0x00
000000cb: DUP1
000000cc: RETURNDATACOPY
000000cd: DUP1
000000ce: DUP1
000000cf: ISZERO
000000d0: PUSH2 0x00d8
000000d3: JUMPI
000000d4: RETURNDATASIZE
000000d5: PUSH1 0x00
000000d7: RETURN
000000d8: JUMPDEST
000000d9: RETURNDATASIZE
000000da: PUSH1 0x00
000000dc: REVERT
000000dd: JUMPDEST
000000de: PUSH1 0x60
000000e0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000f5: DUP5
000000f6: AND
000000f7: EXTCODESIZE
000000f8: PUSH2 0x0188
000000fb: JUMPI
000000fc: PUSH1 0x40
000000fe: MLOAD
000000ff: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000120: DUP2
00000121: MSTORE
00000122: PUSH1 0x20
00000124: PUSH1 0x04
00000126: DUP3
00000127: ADD
00000128: MSTORE
00000129: PUSH1 0x26
0000012b: PUSH1 0x24
0000012d: DUP3
0000012e: ADD
0000012f: MSTORE
00000130: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f
00000151: PUSH1 0x44
00000153: DUP3
00000154: ADD
00000155: MSTORE
00000156: PUSH32 0x6e74726163740000000000000000000000000000000000000000000000000000
00000177: PUSH1 0x64
00000179: DUP3
0000017a: ADD
0000017b: MSTORE
0000017c: PUSH1 0x84
0000017e: ADD
0000017f: JUMPDEST
00000180: PUSH1 0x40
00000182: MLOAD
00000183: DUP1
00000184: SWAP2
00000185: SUB
00000186: SWAP1
00000187: REVERT
00000188: JUMPDEST
00000189: PUSH1 0x00
0000018b: DUP1
0000018c: DUP6
0000018d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001a2: AND
000001a3: DUP6
000001a4: PUSH1 0x40
000001a6: MLOAD
000001a7: PUSH2 0x01b0
000001aa: SWAP2
000001ab: SWAP1
000001ac: PUSH2 0x028d
000001af: JUMP
000001b0: JUMPDEST
000001b1: PUSH1 0x00
000001b3: PUSH1 0x40
000001b5: MLOAD
000001b6: DUP1
000001b7: DUP4
000001b8: SUB
000001b9: DUP2
000001ba: DUP6
000001bb: GAS
000001bc: DELEGATECALL
000001bd: SWAP2
000001be: POP
000001bf: POP
000001c0: RETURNDATASIZE
000001c1: DUP1
000001c2: PUSH1 0x00
000001c4: DUP2
000001c5: EQ
000001c6: PUSH2 0x01eb
000001c9: JUMPI
000001ca: PUSH1 0x40
000001cc: MLOAD
000001cd: SWAP2
000001ce: POP
000001cf: PUSH1 0x1f
000001d1: NOT
000001d2: PUSH1 0x3f
000001d4: RETURNDATASIZE
000001d5: ADD
000001d6: AND
000001d7: DUP3
000001d8: ADD
000001d9: PUSH1 0x40
000001db: MSTORE
000001dc: RETURNDATASIZE
000001dd: DUP3
000001de: MSTORE
000001df: RETURNDATASIZE
000001e0: PUSH1 0x00
000001e2: PUSH1 0x20
000001e4: DUP5
000001e5: ADD
000001e6: RETURNDATACOPY
000001e7: PUSH2 0x01f0
000001ea: JUMP
000001eb: JUMPDEST
000001ec: PUSH1 0x60
000001ee: SWAP2
000001ef: POP
000001f0: JUMPDEST
000001f1: POP
000001f2: SWAP2
000001f3: POP
000001f4: SWAP2
000001f5: POP
000001f6: PUSH2 0x0200
000001f9: DUP3
000001fa: DUP3
000001fb: DUP7
000001fc: PUSH2 0x020a
000001ff: JUMP
00000200: JUMPDEST
00000201: SWAP7
00000202: SWAP6
00000203: POP
00000204: POP
00000205: POP
00000206: POP
00000207: POP
00000208: POP
00000209: JUMP
0000020a: JUMPDEST
0000020b: PUSH1 0x60
0000020d: DUP4
0000020e: ISZERO
0000020f: PUSH2 0x0219
00000212: JUMPI
00000213: POP
00000214: DUP2
00000215: PUSH2 0x004e
00000218: JUMP
00000219: JUMPDEST
0000021a: DUP3
0000021b: MLOAD
0000021c: ISZERO
0000021d: PUSH2 0x0229
00000220: JUMPI
00000221: DUP3
00000222: MLOAD
00000223: DUP1
00000224: DUP5
00000225: PUSH1 0x20
00000227: ADD
00000228: REVERT
00000229: JUMPDEST
0000022a: DUP2
0000022b: PUSH1 0x40
0000022d: MLOAD
0000022e: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000024f: DUP2
00000250: MSTORE
00000251: PUSH1 0x04
00000253: ADD
00000254: PUSH2 0x017f
00000257: SWAP2
00000258: SWAP1
00000259: PUSH2 0x02a9
0000025c: JUMP
0000025d: JUMPDEST
0000025e: PUSH1 0x00
00000260: JUMPDEST
00000261: DUP4
00000262: DUP2
00000263: LT
00000264: ISZERO
00000265: PUSH2 0x0278
00000268: JUMPI
00000269: DUP2
0000026a: DUP2
0000026b: ADD
0000026c: MLOAD
0000026d: DUP4
0000026e: DUP3
0000026f: ADD
00000270: MSTORE
00000271: PUSH1 0x20
00000273: ADD
00000274: PUSH2 0x0260
00000277: JUMP
00000278: JUMPDEST
00000279: DUP4
0000027a: DUP2
0000027b: GT
0000027c: ISZERO
0000027d: PUSH2 0x0287
00000280: JUMPI
00000281: PUSH1 0x00
00000283: DUP5
00000284: DUP5
00000285: ADD
00000286: MSTORE
00000287: JUMPDEST
00000288: POP
00000289: POP
0000028a: POP
0000028b: POP
0000028c: JUMP
0000028d: JUMPDEST
0000028e: PUSH1 0x00
00000290: DUP3
00000291: MLOAD
00000292: PUSH2 0x029f
00000295: DUP2
00000296: DUP5
00000297: PUSH1 0x20
00000299: DUP8
0000029a: ADD
0000029b: PUSH2 0x025d
0000029e: JUMP
0000029f: JUMPDEST
000002a0: SWAP2
000002a1: SWAP1
000002a2: SWAP2
000002a3: ADD
000002a4: SWAP3
000002a5: SWAP2
000002a6: POP
000002a7: POP
000002a8: JUMP
000002a9: JUMPDEST
000002aa: PUSH1 0x20
000002ac: DUP2
000002ad: MSTORE
000002ae: PUSH1 0x00
000002b0: DUP3
000002b1: MLOAD
000002b2: DUP1
000002b3: PUSH1 0x20
000002b5: DUP5
000002b6: ADD
000002b7: MSTORE
000002b8: PUSH2 0x02c8
000002bb: DUP2
000002bc: PUSH1 0x40
000002be: DUP6
000002bf: ADD
000002c0: PUSH1 0x20
000002c2: DUP8
000002c3: ADD
000002c4: PUSH2 0x025d
000002c7: JUMP
000002c8: JUMPDEST
000002c9: PUSH1 0x1f
000002cb: ADD
000002cc: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
000002ed: AND
000002ee: SWAP2
000002ef: SWAP1
000002f0: SWAP2
000002f1: ADD
000002f2: PUSH1 0x40
000002f4: ADD
000002f5: SWAP3
000002f6: SWAP2
000002f7: POP
000002f8: POP
000002f9: JUMP
000002fa: INVALID
000002fb: COINBASE
000002fc: PUSH5 0x6472657373
00000302: GASPRICE
00000303: KECCAK256
00000304: PUSH13 0x6f772d6c6576656c2064656c65
00000312: PUSH8 0x6174652063616c6c
0000031b: KECCAK256
0000031c: PUSH7 0x61696c6564a264
00000324: PUSH10 0x70667358221220491ab9
0000032f: PUSH8 0x5594191f3f568c41
00000338: POP
00000339: PUSH3 0xa5981b
0000033d: UNKNOWN(0xD4)
0000033e: DUP12
0000033f: UNKNOWN(0xFC)
00000340: LOG0
00000341: UNKNOWN(0x2A)
00000342: UNKNOWN(0xE9)
00000343: SMOD
00000344: PC
00000345: UNKNOWN(0x29)
00000346: SMOD
00000347: DELEGATECALL
00000348: STATICCALL
00000349: PUSH23
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0xc461131776c4d9e820bc505d6c886a9840d1874d90e4d481937aacfa59b08022
call_targets: 0xe87a68de82204bfa63e4d626d4c5194481cf3b59
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc461131776c4d9e820bc505d6c886a9840d1874d90e4d481937aacfa59b08022",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xe87a68de82204bfa63e4d626d4c5194481cf3b59"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 199,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 444,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 839,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 3,
    "untrusted_delegatecall_count": 3
}