TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-a4e9-7163-8e21-e5c1a622f101

complete
Chain ID
1
Address
0xc22bea0be9872d8b7b3933cec70ece4d53a900da
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
1
Validated
1
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 1 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
16101 artifact.fetch complete 1 / 3 3 months ago
16102 tool.cast_disasm complete 1 / 3 3 months ago
106577 analysis.bundle complete 1 / 3 1 week ago
106578 capability.graph complete 1 / 3 1 week ago
106579 detector.run complete 1 / 3 1 week ago
106580 validation.fork complete 1 / 3 1 week ago
113910 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-9mtqqv_z
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5ca2-a982-7f12-ac45-7813ed9dc86c
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:54:18.959954+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 2890,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
5
EXT*/BALANCE
4
Total opcodes
824
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0043
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x160e8be3
00000019: EQ
0000001a: PUSH2 0x00ef
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x4a0687ef
00000024: EQ
00000025: PUSH2 0x010f
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0x7687d19b
0000002f: EQ
00000030: PUSH2 0x012f
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xcf81464b
0000003a: EQ
0000003b: PUSH2 0x0142
0000003e: JUMPI
0000003f: PUSH2 0x00e5
00000042: JUMP
00000043: JUMPDEST
00000044: CALLDATASIZE
00000045: PUSH2 0x00e5
00000048: JUMPI
00000049: PUSH1 0x40
0000004b: DUP1
0000004c: MLOAD
0000004d: PUSH1 0x00
0000004f: DUP2
00000050: MSTORE
00000051: PUSH1 0x20
00000053: DUP2
00000054: ADD
00000055: SWAP2
00000056: DUP3
00000057: SWAP1
00000058: MSTORE
00000059: PUSH4 0xc68d4283
0000005e: PUSH1 0xe0
00000060: SHL
00000061: SWAP1
00000062: SWAP2
00000063: MSTORE
00000064: ADDRESS
00000065: SWAP1
00000066: PUSH4 0xc68d4283
0000006b: SWAP1
0000006c: PUSH2 0x007c
0000006f: SWAP1
00000070: CALLER
00000071: SWAP1
00000072: CALLVALUE
00000073: SWAP1
00000074: PUSH1 0x24
00000076: DUP2
00000077: ADD
00000078: PUSH2 0x04c0
0000007b: JUMP
0000007c: JUMPDEST
0000007d: PUSH1 0x00
0000007f: PUSH1 0x40
00000081: MLOAD
00000082: DUP1
00000083: DUP4
00000084: SUB
00000085: DUP2
00000086: PUSH1 0x00
00000088: DUP8
00000089: DUP1
0000008a: EXTCODESIZE
0000008b: ISZERO
0000008c: DUP1
0000008d: ISZERO
0000008e: PUSH2 0x0096
00000091: JUMPI
00000092: PUSH1 0x00
00000094: DUP1
00000095: REVERT
00000096: JUMPDEST
00000097: POP
00000098: GAS
00000099: CALL
0000009a: ISZERO
0000009b: DUP1
0000009c: ISZERO
0000009d: PUSH2 0x00aa
000000a0: JUMPI
000000a1: RETURNDATASIZE
000000a2: PUSH1 0x00
000000a4: DUP1
000000a5: RETURNDATACOPY
000000a6: RETURNDATASIZE
000000a7: PUSH1 0x00
000000a9: REVERT
000000aa: JUMPDEST
000000ab: POP
000000ac: POP
000000ad: PUSH1 0x40
000000af: MLOAD
000000b0: CALLVALUE
000000b1: DUP2
000000b2: MSTORE
000000b3: CALLER
000000b4: SWAP3
000000b5: POP
000000b6: PUSH32 0x25ca84076773b0455db53621c459ddc84fe40840e4932a62706a032566f399df
000000d7: SWAP2
000000d8: POP
000000d9: PUSH1 0x20
000000db: ADD
000000dc: PUSH1 0x40
000000de: MLOAD
000000df: DUP1
000000e0: SWAP2
000000e1: SUB
000000e2: SWAP1
000000e3: LOG2
000000e4: STOP
000000e5: JUMPDEST
000000e6: PUSH2 0x00ed
000000e9: PUSH2 0x014a
000000ec: JUMP
000000ed: JUMPDEST
000000ee: STOP
000000ef: JUMPDEST
000000f0: CALLVALUE
000000f1: DUP1
000000f2: ISZERO
000000f3: PUSH2 0x00fb
000000f6: JUMPI
000000f7: PUSH1 0x00
000000f9: DUP1
000000fa: REVERT
000000fb: JUMPDEST
000000fc: POP
000000fd: PUSH2 0x00ed
00000100: PUSH2 0x010a
00000103: CALLDATASIZE
00000104: PUSH1 0x04
00000106: PUSH2 0x0525
00000109: JUMP
0000010a: JUMPDEST
0000010b: PUSH2 0x015c
0000010e: JUMP
0000010f: JUMPDEST
00000110: CALLVALUE
00000111: DUP1
00000112: ISZERO
00000113: PUSH2 0x011b
00000116: JUMPI
00000117: PUSH1 0x00
00000119: DUP1
0000011a: REVERT
0000011b: JUMPDEST
0000011c: POP
0000011d: PUSH2 0x00ed
00000120: PUSH2 0x012a
00000123: CALLDATASIZE
00000124: PUSH1 0x04
00000126: PUSH2 0x053e
00000129: JUMP
0000012a: JUMPDEST
0000012b: PUSH2 0x0229
0000012e: JUMP
0000012f: JUMPDEST
00000130: PUSH2 0x00ed
00000133: PUSH2 0x013d
00000136: CALLDATASIZE
00000137: PUSH1 0x04
00000139: PUSH2 0x053e
0000013c: JUMP
0000013d: JUMPDEST
0000013e: PUSH2 0x032f
00000141: JUMP
00000142: JUMPDEST
00000143: PUSH2 0x00ed
00000146: PUSH2 0x03d0
00000149: JUMP
0000014a: JUMPDEST
0000014b: PUSH2 0x015a
0000014e: PUSH2 0x0155
00000151: PUSH2 0x046d
00000154: JUMP
00000155: JUMPDEST
00000156: PUSH2 0x049c
00000159: JUMP
0000015a: JUMPDEST
0000015b: JUMP
0000015c: JUMPDEST
0000015d: PUSH1 0x40
0000015f: DUP1
00000160: MLOAD
00000161: PUSH1 0x00
00000163: DUP2
00000164: MSTORE
00000165: PUSH1 0x20
00000167: DUP2
00000168: ADD
00000169: SWAP2
0000016a: DUP3
0000016b: SWAP1
0000016c: MSTORE
0000016d: PUSH4 0x9d876741
00000172: PUSH1 0xe0
00000174: SHL
00000175: SWAP1
00000176: SWAP2
00000177: MSTORE
00000178: ADDRESS
00000179: SWAP1
0000017a: PUSH4 0x9d876741
0000017f: SWAP1
00000180: PUSH2 0x0190
00000183: SWAP1
00000184: CALLER
00000185: SWAP1
00000186: DUP6
00000187: SWAP1
00000188: PUSH1 0x24
0000018a: DUP2
0000018b: ADD
0000018c: PUSH2 0x04c0
0000018f: JUMP
00000190: JUMPDEST
00000191: PUSH1 0x00
00000193: PUSH1 0x40
00000195: MLOAD
00000196: DUP1
00000197: DUP4
00000198: SUB
00000199: DUP2
0000019a: PUSH1 0x00
0000019c: DUP8
0000019d: DUP1
0000019e: EXTCODESIZE
0000019f: ISZERO
000001a0: DUP1
000001a1: ISZERO
000001a2: PUSH2 0x01aa
000001a5: JUMPI
000001a6: PUSH1 0x00
000001a8: DUP1
000001a9: REVERT
000001aa: JUMPDEST
000001ab: POP
000001ac: GAS
000001ad: CALL
000001ae: ISZERO
000001af: DUP1
000001b0: ISZERO
000001b1: PUSH2 0x01be
000001b4: JUMPI
000001b5: RETURNDATASIZE
000001b6: PUSH1 0x00
000001b8: DUP1
000001b9: RETURNDATACOPY
000001ba: RETURNDATASIZE
000001bb: PUSH1 0x00
000001bd: REVERT
000001be: JUMPDEST
000001bf: POP
000001c0: POP
000001c1: PUSH1 0x40
000001c3: MLOAD
000001c4: CALLER
000001c5: SWAP3
000001c6: POP
000001c7: DUP4
000001c8: ISZERO
000001c9: PUSH2 0x08fc
000001cc: MUL
000001cd: SWAP2
000001ce: POP
000001cf: DUP4
000001d0: SWAP1
000001d1: PUSH1 0x00
000001d3: DUP2
000001d4: DUP2
000001d5: DUP2
000001d6: DUP6
000001d7: DUP9
000001d8: DUP9
000001d9: CALL
000001da: SWAP4
000001db: POP
000001dc: POP
000001dd: POP
000001de: POP
000001df: ISZERO
000001e0: DUP1
000001e1: ISZERO
000001e2: PUSH2 0x01ef
000001e5: JUMPI
000001e6: RETURNDATASIZE
000001e7: PUSH1 0x00
000001e9: DUP1
000001ea: RETURNDATACOPY
000001eb: RETURNDATASIZE
000001ec: PUSH1 0x00
000001ee: REVERT
000001ef: JUMPDEST
000001f0: POP
000001f1: PUSH1 0x40
000001f3: MLOAD
000001f4: DUP2
000001f5: DUP2
000001f6: MSTORE
000001f7: CALLER
000001f8: SWAP1
000001f9: PUSH32 0x3bc27981aebbb57f9247dc00fde9d6cd91e4b230083fec3238fedbcba1f9ab3d
0000021a: SWAP1
0000021b: PUSH1 0x20
0000021d: ADD
0000021e: JUMPDEST
0000021f: PUSH1 0x40
00000221: MLOAD
00000222: DUP1
00000223: SWAP2
00000224: SUB
00000225: SWAP1
00000226: LOG2
00000227: POP
00000228: JUMP
00000229: JUMPDEST
0000022a: PUSH1 0x01
0000022c: PUSH1 0x01
0000022e: PUSH1 0xa0
00000230: SHL
00000231: SUB
00000232: DUP2
00000233: AND
00000234: PUSH2 0x0284
00000237: JUMPI
00000238: PUSH1 0x40
0000023a: MLOAD
0000023b: PUSH3 0x461bcd
0000023f: PUSH1 0xe5
00000241: SHL
00000242: DUP2
00000243: MSTORE
00000244: PUSH1 0x20
00000246: PUSH1 0x04
00000248: DUP3
00000249: ADD
0000024a: MSTORE
0000024b: PUSH1 0x17
0000024d: PUSH1 0x24
0000024f: DUP3
00000250: ADD
00000251: MSTORE
00000252: PUSH32 0x5555505350726f78793a207a65726f2061646472657373000000000000000000
00000273: PUSH1 0x44
00000275: DUP3
00000276: ADD
00000277: MSTORE
00000278: PUSH1 0x64
0000027a: ADD
0000027b: JUMPDEST
0000027c: PUSH1 0x40
0000027e: MLOAD
0000027f: DUP1
00000280: SWAP2
00000281: SUB
00000282: SWAP1
00000283: REVERT
00000284: JUMPDEST
00000285: PUSH1 0x00
00000287: PUSH2 0x02ae
0000028a: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000002ab: SLOAD
000002ac: SWAP1
000002ad: JUMP
000002ae: JUMPDEST
000002af: PUSH1 0x01
000002b1: PUSH1 0x01
000002b3: PUSH1 0xa0
000002b5: SHL
000002b6: SUB
000002b7: AND
000002b8: EQ
000002b9: PUSH2 0x0304
000002bc: JUMPI
000002bd: PUSH1 0x40
000002bf: MLOAD
000002c0: PUSH3 0x461bcd
000002c4: PUSH1 0xe5
000002c6: SHL
000002c7: DUP2
000002c8: MSTORE
000002c9: PUSH1 0x20
000002cb: PUSH1 0x04
000002cd: DUP3
000002ce: ADD
000002cf: MSTORE
000002d0: PUSH1 0x1e
000002d2: PUSH1 0x24
000002d4: DUP3
000002d5: ADD
000002d6: MSTORE
000002d7: PUSH32 0x5555505350726f78793a20616c726561647920696e697469616c697a65640000
000002f8: PUSH1 0x44
000002fa: DUP3
000002fb: ADD
000002fc: MSTORE
000002fd: PUSH1 0x64
000002ff: ADD
00000300: PUSH2 0x027b
00000303: JUMP
00000304: JUMPDEST
00000305: PUSH2 0x032c
00000308: DUP2
00000309: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000032a: SSTORE
0000032b: JUMP
0000032c: JUMPDEST
0000032d: POP
0000032e: JUMP
0000032f: JUMPDEST
00000330: PUSH1 0x40
00000332: DUP1
00000333: MLOAD
00000334: PUSH1 0x00
00000336: DUP2
00000337: MSTORE
00000338: PUSH1 0x20
0000033a: DUP2
0000033b: ADD
0000033c: SWAP2
0000033d: DUP3
0000033e: SWAP1
0000033f: MSTORE
00000340: PUSH4 0xc68d4283
00000345: PUSH1 0xe0
00000347: SHL
00000348: SWAP1
00000349: SWAP2
0000034a: MSTORE
0000034b: ADDRESS
0000034c: SWAP1
0000034d: PUSH4 0xc68d4283
00000352: SWAP1
00000353: PUSH2 0x0363
00000356: SWAP1
00000357: DUP5
00000358: SWAP1
00000359: CALLVALUE
0000035a: SWAP1
0000035b: PUSH1 0x24
0000035d: DUP2
0000035e: ADD
0000035f: PUSH2 0x04c0
00000362: JUMP
00000363: JUMPDEST
00000364: PUSH1 0x00
00000366: PUSH1 0x40
00000368: MLOAD
00000369: DUP1
0000036a: DUP4
0000036b: SUB
0000036c: DUP2
0000036d: PUSH1 0x00
0000036f: DUP8
00000370: DUP1
00000371: EXTCODESIZE
00000372: ISZERO
00000373: DUP1
00000374: ISZERO
00000375: PUSH2 0x037d
00000378: JUMPI
00000379: PUSH1 0x00
0000037b: DUP1
0000037c: REVERT
0000037d: JUMPDEST
0000037e: POP
0000037f: GAS
00000380: CALL
00000381: ISZERO
00000382: DUP1
00000383: ISZERO
00000384: PUSH2 0x0391
00000387: JUMPI
00000388: RETURNDATASIZE
00000389: PUSH1 0x00
0000038b: DUP1
0000038c: RETURNDATACOPY
0000038d: RETURNDATASIZE
0000038e: PUSH1 0x00
00000390: REVERT
00000391: JUMPDEST
00000392: POP
00000393: POP
00000394: POP
00000395: POP
00000396: DUP1
00000397: PUSH1 0x01
00000399: PUSH1 0x01
0000039b: PUSH1 0xa0
0000039d: SHL
0000039e: SUB
0000039f: AND
000003a0: PUSH32 0x25ca84076773b0455db53621c459ddc84fe40840e4932a62706a032566f399df
000003c1: CALLVALUE
000003c2: PUSH1 0x40
000003c4: MLOAD
000003c5: PUSH2 0x021e
000003c8: SWAP2
000003c9: DUP2
000003ca: MSTORE
000003cb: PUSH1 0x20
000003cd: ADD
000003ce: SWAP1
000003cf: JUMP
000003d0: JUMPDEST
000003d1: PUSH1 0x40
000003d3: DUP1
000003d4: MLOAD
000003d5: PUSH1 0x00
000003d7: DUP2
000003d8: MSTORE
000003d9: PUSH1 0x20
000003db: DUP2
000003dc: ADD
000003dd: SWAP2
000003de: DUP3
000003df: SWAP1
000003e0: MSTORE
000003e1: PUSH4 0xc68d4283
000003e6: PUSH1 0xe0
000003e8: SHL
000003e9: SWAP1
000003ea: SWAP2
000003eb: MSTORE
000003ec: ADDRESS
000003ed: SWAP1
000003ee: PUSH4 0xc68d4283
000003f3: SWAP1
000003f4: PUSH2 0x0404
000003f7: SWAP1
000003f8: CALLER
000003f9: SWAP1
000003fa: CALLVALUE
000003fb: SWAP1
000003fc: PUSH1 0x24
000003fe: DUP2
000003ff: ADD
00000400: PUSH2 0x04c0
00000403: JUMP
00000404: JUMPDEST
00000405: PUSH1 0x00
00000407: PUSH1 0x40
00000409: MLOAD
0000040a: DUP1
0000040b: DUP4
0000040c: SUB
0000040d: DUP2
0000040e: PUSH1 0x00
00000410: DUP8
00000411: DUP1
00000412: EXTCODESIZE
00000413: ISZERO
00000414: DUP1
00000415: ISZERO
00000416: PUSH2 0x041e
00000419: JUMPI
0000041a: PUSH1 0x00
0000041c: DUP1
0000041d: REVERT
0000041e: JUMPDEST
0000041f: POP
00000420: GAS
00000421: CALL
00000422: ISZERO
00000423: DUP1
00000424: ISZERO
00000425: PUSH2 0x0432
00000428: JUMPI
00000429: RETURNDATASIZE
0000042a: PUSH1 0x00
0000042c: DUP1
0000042d: RETURNDATACOPY
0000042e: RETURNDATASIZE
0000042f: PUSH1 0x00
00000431: REVERT
00000432: JUMPDEST
00000433: POP
00000434: POP
00000435: PUSH1 0x40
00000437: MLOAD
00000438: CALLVALUE
00000439: DUP2
0000043a: MSTORE
0000043b: CALLER
0000043c: SWAP3
0000043d: POP
0000043e: PUSH32 0x25ca84076773b0455db53621c459ddc84fe40840e4932a62706a032566f399df
0000045f: SWAP2
00000460: POP
00000461: PUSH1 0x20
00000463: ADD
00000464: PUSH1 0x40
00000466: MLOAD
00000467: DUP1
00000468: SWAP2
00000469: SUB
0000046a: SWAP1
0000046b: LOG2
0000046c: JUMP
0000046d: JUMPDEST
0000046e: PUSH1 0x00
00000470: PUSH2 0x0497
00000473: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000494: SLOAD
00000495: SWAP1
00000496: JUMP
00000497: JUMPDEST
00000498: SWAP1
00000499: POP
0000049a: SWAP1
0000049b: JUMP
0000049c: JUMPDEST
0000049d: CALLDATASIZE
0000049e: PUSH1 0x00
000004a0: DUP1
000004a1: CALLDATACOPY
000004a2: PUSH1 0x00
000004a4: DUP1
000004a5: CALLDATASIZE
000004a6: PUSH1 0x00
000004a8: DUP5
000004a9: GAS
000004aa: DELEGATECALL
000004ab: RETURNDATASIZE
000004ac: PUSH1 0x00
000004ae: DUP1
000004af: RETURNDATACOPY
000004b0: DUP1
000004b1: DUP1
000004b2: ISZERO
000004b3: PUSH2 0x04bb
000004b6: JUMPI
000004b7: RETURNDATASIZE
000004b8: PUSH1 0x00
000004ba: RETURN
000004bb: JUMPDEST
000004bc: RETURNDATASIZE
000004bd: PUSH1 0x00
000004bf: REVERT
000004c0: JUMPDEST
000004c1: PUSH1 0x01
000004c3: DUP1
000004c4: PUSH1 0xa0
000004c6: SHL
000004c7: SUB
000004c8: DUP5
000004c9: AND
000004ca: DUP2
000004cb: MSTORE
000004cc: PUSH1 0x00
000004ce: PUSH1 0x20
000004d0: DUP5
000004d1: DUP2
000004d2: DUP5
000004d3: ADD
000004d4: MSTORE
000004d5: PUSH1 0x60
000004d7: PUSH1 0x40
000004d9: DUP5
000004da: ADD
000004db: MSTORE
000004dc: DUP4
000004dd: MLOAD
000004de: DUP1
000004df: PUSH1 0x60
000004e1: DUP6
000004e2: ADD
000004e3: MSTORE
000004e4: PUSH1 0x00
000004e6: JUMPDEST
000004e7: DUP2
000004e8: DUP2
000004e9: LT
000004ea: ISZERO
000004eb: PUSH2 0x0502
000004ee: JUMPI
000004ef: DUP6
000004f0: DUP2
000004f1: ADD
000004f2: DUP4
000004f3: ADD
000004f4: MLOAD
000004f5: DUP6
000004f6: DUP3
000004f7: ADD
000004f8: PUSH1 0x80
000004fa: ADD
000004fb: MSTORE
000004fc: DUP3
000004fd: ADD
000004fe: PUSH2 0x04e6
00000501: JUMP
00000502: JUMPDEST
00000503: POP
00000504: PUSH1 0x00
00000506: PUSH1 0x80
00000508: DUP3
00000509: DUP7
0000050a: ADD
0000050b: ADD
0000050c: MSTORE
0000050d: PUSH1 0x80
0000050f: PUSH1 0x1f
00000511: NOT
00000512: PUSH1 0x1f
00000514: DUP4
00000515: ADD
00000516: AND
00000517: DUP6
00000518: ADD
00000519: ADD
0000051a: SWAP3
0000051b: POP
0000051c: POP
0000051d: POP
0000051e: SWAP5
0000051f: SWAP4
00000520: POP
00000521: POP
00000522: POP
00000523: POP
00000524: JUMP
00000525: JUMPDEST
00000526: PUSH1 0x00
00000528: PUSH1 0x20
0000052a: DUP3
0000052b: DUP5
0000052c: SUB
0000052d: SLT
0000052e: ISZERO
0000052f: PUSH2 0x0537
00000532: JUMPI
00000533: PUSH1 0x00
00000535: DUP1
00000536: REVERT
00000537: JUMPDEST
00000538: POP
00000539: CALLDATALOAD
0000053a: SWAP2
0000053b: SWAP1
0000053c: POP
0000053d: JUMP
0000053e: JUMPDEST
0000053f: PUSH1 0x00
00000541: PUSH1 0x20
00000543: DUP3
00000544: DUP5
00000545: SUB
00000546: SLT
00000547: ISZERO
00000548: PUSH2 0x0550
0000054b: JUMPI
0000054c: PUSH1 0x00
0000054e: DUP1
0000054f: REVERT
00000550: JUMPDEST
00000551: DUP2
00000552: CALLDATALOAD
00000553: PUSH1 0x01
00000555: PUSH1 0x01
00000557: PUSH1 0xa0
00000559: SHL
0000055a: SUB
0000055b: DUP2
0000055c: AND
0000055d: DUP2
0000055e: EQ
0000055f: PUSH2 0x0567
00000562: JUMPI
00000563: PUSH1 0x00
00000565: DUP1
00000566: REVERT
00000567: JUMPDEST
00000568: SWAP4
00000569: SWAP3
0000056a: POP
0000056b: POP
0000056c: POP
0000056d: JUMP
0000056e: INVALID
0000056f: LOG2
00000570: PUSH5 0x6970667358
00000576: UNKNOWN(0x22)
00000577: SLT
00000578: KECCAK256
00000579: CALLDATASIZE
0000057a: PUSH21 0x2b2c6bf9cae7f2505637ac624b580cedab1b7cae46
00000590: DUP12
00000591: UNKNOWN(0xC3)
00000592: GT
00000593: EXP
00000594: UNKNOWN(0xC4)
00000595: DUP7
00000596: DELEGATECALL
00000597: MOD
00000598: UNKNOWN(0xD9)
00000599: PUSH5 0x736f6c6343
0000059f: STOP
000005a0: ADDMOD
000005a1: LT
000005a2: STOP
000005a3: CALLER
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 yes yes
view
trace_id: 0xef39d4802fc4f28276d5705fc6308ae54f98c6d22e9bcd42edd5f7f30af0362e
call_targets: 0x08ecf8ec4cec8a00d5460d3faf9f0719c80a3513, 0x33654b16a4de97bce05d7dd06803bf1066f3123c, 0x48acf0fbc6a8b38bc8b70b7c02a90c66858649ea, 0x75e58f16f95ac530789d22e55713c9f8dc22444c, 0x8147b99df7672a21809c9093e6f6ce1a60f119bd, 0x83fdcea7ddc5e360e88cd0abc5b8449e71264879, 0x9da054d80de6fcf920d4e22346ccf20aafdc83b5, 0xadc45df3cf1584624c97338bef33363bf5b97ada, 0xb27c52c7f84819e3157993489741cb60786ae330, 0xdbd0cf7716508818b78d76d05c65aeb01ee7be07, 0xf26967f92151487f8c6642199c3441b02398d19e
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 2,
    "trace_id": "0xef39d4802fc4f28276d5705fc6308ae54f98c6d22e9bcd42edd5f7f30af0362e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x08ecf8ec4cec8a00d5460d3faf9f0719c80a3513",
        "0x33654b16a4de97bce05d7dd06803bf1066f3123c",
        "0x48acf0fbc6a8b38bc8b70b7c02a90c66858649ea",
        "0x75e58f16f95ac530789d22e55713c9f8dc22444c",
        "0x8147b99df7672a21809c9093e6f6ce1a60f119bd",
        "0x83fdcea7ddc5e360e88cd0abc5b8449e71264879",
        "0x9da054d80de6fcf920d4e22346ccf20aafdc83b5",
        "0xadc45df3cf1584624c97338bef33363bf5b97ada",
        "0xb27c52c7f84819e3157993489741cb60786ae330",
        "0xdbd0cf7716508818b78d76d05c65aeb01ee7be07",
        "0xf26967f92151487f8c6642199c3441b02398d19e"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x160e8be3",
            "selector": "0x160e8be3",
            "calldata_variants": [
                "0x160e8be3",
                "0x160e8be30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4a0687ef",
            "selector": "0x4a0687ef",
            "calldata_variants": [
                "0x4a0687ef",
                "0x4a0687ef0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7687d19b",
            "selector": "0x7687d19b",
            "calldata_variants": [
                "0x7687d19b",
                "0x7687d19b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcf81464b",
            "selector": "0xcf81464b",
            "calldata_variants": [
                "0xcf81464b",
                "0xcf81464b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1194,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 1430,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x9402b90c139e70ace8f6071e31433d4ad59202eb815236a31c0d14f47f73c6d2
call_targets: 0xc22bea0be9872d8b7b3933cec70ece4d53a900da
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x9402b90c139e70ace8f6071e31433d4ad59202eb815236a31c0d14f47f73c6d2",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xc22bea0be9872d8b7b3933cec70ece4d53a900da"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x160e8be3",
            "selector": "0x160e8be3",
            "calldata_variants": [
                "0x160e8be3",
                "0x160e8be30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4a0687ef",
            "selector": "0x4a0687ef",
            "calldata_variants": [
                "0x4a0687ef",
                "0x4a0687ef0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7687d19b",
            "selector": "0x7687d19b",
            "calldata_variants": [
                "0x7687d19b",
                "0x7687d19b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcf81464b",
            "selector": "0xcf81464b",
            "calldata_variants": [
                "0xcf81464b",
                "0xcf81464b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 153,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 429,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 473,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 5,
    "guards_detected": [],
    "untrusted_call_count": 5
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x9402b90c139e70ace8f6071e31433d4ad59202eb815236a31c0d14f47f73c6d2
call_targets: 0xc22bea0be9872d8b7b3933cec70ece4d53a900da
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x9402b90c139e70ace8f6071e31433d4ad59202eb815236a31c0d14f47f73c6d2",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xc22bea0be9872d8b7b3933cec70ece4d53a900da"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x160e8be3",
            "selector": "0x160e8be3",
            "calldata_variants": [
                "0x160e8be3",
                "0x160e8be30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4a0687ef",
            "selector": "0x4a0687ef",
            "calldata_variants": [
                "0x4a0687ef",
                "0x4a0687ef0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7687d19b",
            "selector": "0x7687d19b",
            "calldata_variants": [
                "0x7687d19b",
                "0x7687d19b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcf81464b",
            "selector": "0xcf81464b",
            "calldata_variants": [
                "0xcf81464b",
                "0xcf81464b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 153,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 429,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 473,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 5,
    "guards_detected": []
}